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Storage  options  for 
SMBs  are  exploding. 

In  a  test  of  four  NAS 
devices  we  came  away  ' 
most  Impressed  with 
Infrant's  ReadyNAS  600. 
Page  4?  ..  / 
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Cisco  talking 
IP-radio  nets 

BY  PHIL  HOCHMUTH 

Cisco  this  week  is  expected  to  announce  new  technol¬ 
ogy  and  a  business  unit  focused  on  integrating  two-way 
radio,  cellular,  VoIP  and  other  communications  methods 
into  an  IP  backbone. 

The  IP  Interoperability  and  Collaboration  System  (IPICS) 
consists  of  existing  Cisco  products  and  new  server  soft¬ 
ware  that  Cisco  says  will  let 
public  safety  organizations  and  ^  Juniper  claims 
companies  IP-enable  two-way  gains  in  enterprise 
radio  voice  traffic  and  integrate  networks.  Page  8. 

disparate  radio  infrastructures 
with  other  public  safety  or  private  organizations. 

While  initially  focused  on  public  safety  and  government 
users  —  patching  together  systems  of  separate  police,  fire 
and  governmental  organizations,  for  example  —  Cisco 
says  the  IPICS  platform  will  appeal  to  a  broad  range  of 
public  and  private  enterprise  customers  because  the  sys¬ 
tem  also  is  capable  of  integrating  disparate  data  and  video 

See  Cisco,  page  16 


Regulators  to  bankers: 
Fighten  up  online  security 


BY  ELLEN  MESSMER 

Federal  regulators  last  week 
issued  new  Internet  banking  stan¬ 
dards  that  will  require  adoption 
of  stronger  authentication  meth¬ 
ods  by  the  end  of  next  year. 

The  Federal  Financial  Institu¬ 
tions  Examination  Council 
(FFIEC)  said  the  industry  needs 


to  adopt  more  than  just  single¬ 
factor  authentication  for  online 
banking  in  order  “to  reduce 
fraud,  to  inhibit  identity  theft,  and 
to  promote  the  legal  enforceabil¬ 
ity  of  their  electronic  agreements 
and  transactions.”  Government 
auditors  are  expected  to  begin 
See  Banking,  page  14 
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Deciphering  the  world  of  crypto 

IETF  opens  its  arms  to  lesser-known  algorithms  such  as  SEED  and  GOST. 


BY  ELLEN  MESSMER 


The  IETF  standards  for  Web, 
VPN  and  e-mail  security  have 
been  driven  with  crypto  algo¬ 
rithms  approved  by  the  US. 
government,  primarily  via  the 
National  Institute  of  Standards 
and  Technology 
Triple-DES  is  defined  as  a 
must  for  any  product  imple¬ 
mentation  based  on  IETF  stan¬ 
dards.  The  newer  128-bit 


It’s  the  computational  magic 
for  scrambling  data  to  keep 
it  secret,  and  in  the  US.,  the 
best-known  cryptographic 
algorithms  go  by  names  such 
as  Triple-DES  and  AES. 

But  in  other  countries,  such 
as  South  Korea,  Russia  and 
Japan,  it  is  SEED,  GOST  and 
Camellia  that  say  security  say 
nothing  of  specialized  cryptos 
such  as  CAVE  and  A5/1 . 

It’s  a  wide  world  of  encryption,  and  the 
IETF  which  shepherds  Internet  protocols,  is 
embracing  it. 


Advanced  Encryption  Stan¬ 
dard  (AES)  —  a  ciplier  invent¬ 
ed  by  Belgian  cryptographers  that  was  selected 
as  the  US.  standard  in  late  2001  after  a  five-year 

See  Crypto,  page  94 
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Find  tools  and  guidance  to  defend  your  network  at  microsoft.com/security/IT 


Free  Tools  and  Updates:  Slreamiine  patch  management, 
with  automated  tools  like  Windows  Server  mJpd  Services. 
And  verify  that  your  systems  are  configured  for  maximized 
security  with  Microsoft  Baseline  Security  Analyzer. 


Microsoft  Risk  Assessment  Tool:  Complete  this  free,  online 
self-assessment  to  evaluate  your  organization's  security 
practices  and  identify  areas  for  improvement. 


Antivirus  for  Exchange:  Download  a  free  trial  of  Antigen'  for 
Exchange  and  arm  your  e-mail  server  with  powerful  multi-engine 
protection  from  viruses,  worms,  and  inappropriate  content. 


Learning  Paths  for  Security:  Take  advantage  of  in-depth 
online  training  tools  and  security  expert  webcasts  organized, 
around  your  specific  needs.  Then  test  your  security  solutions 
in  virtual  labs,  all  available  on  TechNet.  .  i-.'  .. 
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TURNED  AWAY 


AT  THE  GATE 


MICROSOFT.COM/SECURITY/IT 
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Buy  nothing 
now.  Learn 
howto 
buy  even 
less  later. 


No  commitments.  No  obligations.  A  half  hour  is  all  we  need  to 
demonstrate  how  Pillar  Axiom™  drives  down  networked  storage 
costs.  By  combining  SAN  and  NAS  into  one  system,  it  dramatically 
reduces  administration  and  support.  With  top-tier  performance  and 
scalability  on  a  single  software  license,  it  eliminates  unexpected 
fees.  And  because  our  storage  system  can  often  be  installed  for  less 
than  some  companies'  storage  maintenance  budgets,  it  can  really 
save  on  the  bottom  line. 


You've  got  nothing  to  lose  and  everything  to  gain  by  hearing  our 
honest  approach  to  networked  storage.  Call  1-877-252-3706 
to  schedule  a  briefing  or  visitwww.piliardata.com/less 


©  2005  Pillar  Data  Systems  Inc.  All  rights  reserved.  Pillar  Data  Systems,  Pillar  Axiom, 
and  the  Pillar  logo  are  all  trademarks  of  Pillar  Data  Systems. 


Learn  the  truth  about  networked  storage. 

Get  your  FREE  subscription 
to  AXIOM  Journal 
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COOLTOOLS 

At  FInStm  FS-4  caplins  digital 
video  direct  fiwn  a  video  camora  in  Ibr- 
nats  SMh  as  Windows  AVI,  RawDV  and 
Qnickrinie.  Pago  36. 


Every  network  is  vulnerable 
to  some  type  of  attack.  The 
important  thing  is  how  you 
respond.  Find  out  what  action 
to  take  should  this  unfortunate 
,  .  occurrence  happen  to  your 
organization,  Page  42. 
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Olear  Ofioice  Test; 

Storage  options  aplenty  in  the  SMB-based  NAS  market.  Page  47. 

Face-Off: 

Cisco's  Rob  Bedford,  left,  and  Aventail's 
Evan  Kaplan  debate  which  is  better:  a 
smart  or  dumb  network?  Page  38. 

The  New  Data  Genler 


Piecing  together  the  next-generation 
IT  arcnitecture 

Our  ongoing  series  continues  with  a  guide  to  out¬ 
sourcing,  new-data-contor  style.  Inside  you'll  find: 

•  Options  from  leading  outsourcers. 

•  Tips  from  IT  execs, 

•  Five  critical  questions  to  ask  prospective  partners. 

PLUS:  Best  picks  of  new  data  center  preducts, 
and  more. 

Stories  begin  after  page  58. 
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Available  only  on  NetworkWorld-com 


Face-Off:  Are  smart  networks 
worth  the  investment? 

Rob  Bedford,  vice  president  of 
product  and  technology  marketing 
at  Cisco,  and  Aventail  CEO  Evan 
Kaplan  debate  the  issue.  Read 
their  comments,  then  Jump  in  with 
your  comments. 

DocFinder:  9343 

Forum:  Your  network  world  10 
years  ago 

NetworkWorld.com  turns  10  this 
week,  and  to  celebrate  columnist 
Chuck  Yoke  looks  back  at  what  his 
network  world  was  like  in  1995: 
"Sorry,  Buddy,  you  may  want  to 
go  back  10  years,  but  I  think  I'll 
stay  right  here,"  Read  his  reminis¬ 


cences,  then  head  into  our  forum 
to  add  your  own.  What  was  your 
network  like  in  '95? 

DocFinder:  9344 

Forum:  The  future  of  Vonage 

Columnist  Mark  Gibbs  wonders 
whether  the  services  has  much  of 
a  future  in  its  present  form. 
Readers  react.  DocFinder:  9345 

Podcast:  HP's  Mark  Potts  on  SOA 

We  talk  with  Mark  Potts,  CTO  of 
HP’s  Management  Software 
Business,  about  HP's  view  on  the 
state  of  service-oriented  architec¬ 
ture  implementations  in  customer 
sites. 

DocFinder:  9346 


Online  help  and  advice 

Compendinm 

Concerned  about  technological 
intrusions  on  your  privacy? 
Executive  Editor  Adam  Gaffin 
points  you  to  directions  on  building 
a  personal  anti-REID  device. 
DocFinder:  9347 

Adobe  (eventually)  gets  it  right 

IT  Borderlands'  Ken  Fasimpaur  on 
Adobe  Reader  7.0.5  update  and 
why  it's  a  step  forward;  "When 
something  is  inherently  difficult, 
like  software  patching,  it's  worth 
going  to  whatever  lengths  are 
necessary  to  make  it  as  simple 

Seminars  and  events 


as  possible."  DocFinder:  9348 
Telework  Beat 

Senior  Editor  Ann  Bednarz  says 
technologies  are  tailor-made  for 
virtual  call  center  settings. 

DocFinder;  9238 

Home  LAN  Adventures 

Freelance  editor  Sandra  Gittlen 
re-examines  her  adventures  in 
"anti-spam  Hell"  when  her  well- 
meaning  efforts  to  rid  her  system 
of  spam  caused  mqjor  headaches. 
Read  and  learn  from  her  mistakes. 
DocFinder:  9349 


Small  Business  Tech 

Better  phone  services  for  small  businesses 

Columnist  James  Gaskin  says  big-company  phone  features  now  are 

affordable  and  available  for  small  businesses. 

DocFinder:  9358 


BREAKING  NEWS 

Go  online  for  breaking  news  every  day.  DocHnder:  1001 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  1002 

What  is  DocFinder? 

We’ve  made  It  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  Jump  directly 
to  the  requested  information. 


6  •  www.networkwopid.com  •  10.24.05 


Cisco  to  sink  $1.1  biiiion  into  India 

■  Cisco  last  week  said  it  will  invest  $1.1  billion  in  India  over  the  next 
several  years,  with  new  projects  in  R&D,  venture  capital,  equipment 
financing  and  customer  support  targeted  for  the  world’s  second-largest 
country  Cisco  CEO  John  Chambers  said  the  move  is  to  address  the  fast¬ 
growing  economy  and  IT  needs  of  India.“lndia  has  rapidly  risen  to 
become  a  major  force  in  the  global  econom>^’he  said  in  a  statement.“As 
Indian  companies  strive  to  be  globally  competitive,  they  have  realized 
the  importance  of  investing  in  information  technology  and  networking.” 

According  to  the  World  Bank,  India’s  IT  sector  accounted  for  approxi¬ 
mately  4%  of  its  gross  domestic  product  between  2003  and  2004,  with  almost  a  mil¬ 
lion  employed  in  the  sector.  More  than  100  multinational  corporations  have  set  up 
R&D  centers  in  India. 


TheGoodTheBadTheUgly 

<  Go  west,  IT  workers,  it  profession 

als  seeking  work  have  the  best  chance  of  finding  jobs 
on  the  West  Coast,  according  to  research  from 
an  employment  services  company  aired 
last  week.  Nationally,  16%  of  CIOs 
plan  to  hire  staff  in  the  fourth  quar¬ 
ter,  the  highest  net  increase  since  the 
third  quarter  of  2002,  according  to 
the  "Robert  Half  Technology  IT  Hiring 
Index  and  Skills  Report."  Networking 
professionals.  Web  and  applications 
developers,  database  administrators 
and  software  engineers  are  in  the 
greatest  demand. 

Snort  foils  short.  SourceOre,  which  oversees  the  open- 
source  intrusion-detection  system  Snort  and  makes  commercial  prod¬ 
ucts  based  on  it,  last  week  disclosed  a  mqjor  vulnerability  in  the  tech¬ 
nology  along  with  corrective  measures  to  mitigate  the  risk.  Details 
about  the  vulnerability  and  mitigation  instructions  from  Sourcefire  are 
available  at:  www.networkworld.com,  DocFinder:  9357. 


Amazon.com  expands  there,  too 

■  Amazon.com  will  open  a  second  development 
center  in  India,  to  be  located  in  the  southern  city  of 
Chennai.The  center  will  focus  on  developing  new  fea¬ 
tures  for  Amazon.com’s  sites  worldwide  that  will  help 
customers  find  anything  they  want  to  buy  online,  the 
company  said.  The  company  set  up  its  first  develop¬ 
ment  center  in  India  last  year,  in  Bangalore.  That  cen¬ 
ter  is  focused  on  search  technology  and  Web  services, 
a  company  spokesman  said.The  development  center 
in  Chennai  is  the  company’s  fourth  software  develop¬ 
ment  center  outside  the  US.  Amazon.com  also  has 
centers  in  Edinburgh,  Scotland,  and  Cape  Town,  South 
Africa.  Its  primary  development  center  in  the  US.  is  in 
Seattle. 

Oracle  database  targeted 

■  Database  administrators  have  added  incentive 
to  install  Oracle’s  latest  security  patches  released 
last  week.  Malicious  software  is  circulating  that  can 
crash  an  unpatched  databcise  server,  and  one  secu¬ 
rity  expert  predicted  that  more  malware  targeting 
the  89  recently  patched  vulnerabilities  is  on  the 
way.  On  Thursday,  code  was  published  on  the  Full 
Disclosure  security  mailing  list  that  exploits  a 
buffer  overflow  vulnerability  in  certain  versions  of 
Oracle’s  databases.  This  code  could  be  used  by 
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“I  have  never,  honestly,  thrown  a 
chair  in  my  life.” 

Steve  Balmer,  Microsoft  president  and  CEO,  responding  to  an 
audience  question  about  how  many  chairs  he  might  throw 
should  the  oft-rumored  Microsoft/AOL  deal  go  south. 

attackers  to  bring  down  a  database,  using  a  tech¬ 
nique  called  an  SQL  injection  attack,  says 
Alexander  Kornbrust,  a  business  director  at  Red- 
Database-Security.  Earlier  in  the  week  Oracle 
released  a  bundle  of  critical  security  patches  that 
fixed  89  bugs  in  its  database  and  application 
servers,  as  well  as  some  PeopleSoft  and  J.D. 
Edwards  applications.  More  information  can  be 
found  at  www.networkworld.com,  DocFinder:  9356. 

Microsoft  releases  Exchange  2003  SP 

■  Microsoft  last  week  released  the  second  service 
pack  for  Exchange  2003,  which  is  half  of  the  software 
the  company  is  developing  to  improve  the  delivery  of 
e-mail  to  Windows-based  mobile  devices. The  mobile 
features  in  Exchange  2003  Service  Pack  2  are  a  direct 


“As  seen  by  the  familiar 
faces  of  these  limo  drivers, 
the  dot<om  bust  has  gotten 
even  worse.  ” 

Bill  Clark  of  Heber  City,  Utah,  takes  top 
honors  this  week  in  a  very  tight  race.  Head 
over  to  Layer  8  to  read  the  runners-up  and 
come  back  every  Monday  for  the  start  of  a 
new  contest 

www.networkworld.com/weblogs/layer8 


Laptop  meltdown  HP  has  recalled  around  135,000  lithi¬ 
um-ion  rechargeable  battery  packs  after  several  melted  or  charred  the 
plastic  cases  of  laptops,  a  company  spokesman  said.  The  battery  is 
used  with  the  HP  Pavilion,  Compaq  Presario,  HP  Compaq  and  Compaq 
Evo  laptops.  The  battery  is  made  by  a  third-party  vendor  that  HP  would 
not  identify. 


hit  at  BlackBerry  devices  from  Research  in  Motion, 
which  offers  the  same  instant  updates  to  corporate  e- 
mail,  calendars  and  contacts.  Microsoft  currently  uses 
Short  Message  Service  to  notify  a  mobile  device  of 
new  e-mail.The  device  then  retrieves  the  e-meiil  from 
the  server.  With  the  new  Direct  Push  Technology  in 
SP2,  e-mail  will  be  automatically  pushed  to  the  device 
using  an  HTTP  connection  maintained  by  the  device. 
SP2  includes  new  spam-protection  features,  including 
support  for  Sender  ID  and  updates  to  the  Exchange 
Instant  Message  Filter;  remote  management,  including 
Remote  Wipe  to  clear  data  from  lost  devices;  and  pol¬ 
icy  enforcement  controls,  such  as  requiring  a  pass¬ 
word  to  unlock  a  device. 

EMC  snaps  up  Gaptiva 

■  EMC  last  week  agreed  to  acquire  Captiva 
Software,  a  maker  of  software  for  digitally  capturing 
documents.The  price  Wcis  about  $275  million.  EMC 
has  a  partnership  with  Captiva  in  which  it  inte¬ 
grates  Captiva’s  InputAccell  software  with  its  own 
Documentum  enterprise  management  platform. 
The  company  plans  to  further  integrate  Captiva 
software  into  its  own.  EMC  will  keep  selling  and 
developing  Captiva’s  stand-alone  products.  The 
companies’  combined  technologies  will  let  corpo¬ 
rations  eliminate  paper  or  automatically  digitally 
capture  information  and  integrate  it  with  electron¬ 
ic  business  processing,  EMC  says.  (Read  more 
about  EMC,  with  its  move  into  the  continuous  data- 
protection  market,  page  13.) 
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High-def  videoconferencing  hits  the  market 


BY  JASON  MESERVE 

PHOENIX  —  Polycom  last 
week  took  advantage  of  the 
Polycom  User  Group  confer¬ 
ence  to  announce  products  to 
support  high-definition  video- 
conferencing. 

High-definition  video  offers  10 
times  the  resolution  (number  of 
pixels)  as  standard  videoconfer¬ 
encing,  meaning  better  picture 
clarity. 

Polycom  said  it  is  shipping  up¬ 
graded  software  for  its  media  gate¬ 
way  controller  units,  which  are 
used  to  connect  multiple  end¬ 
points  in  a  single  call.  The  soft¬ 
ware  allows  for  as  many  as  90 
simultaneous  high-definition  calls 
running  at  IM  bit/sec,  the  mini¬ 
mum  amount  of  bandwidth  need¬ 
ed  to  make  a  call  at  the  higher 
video  resolution. 

The  company  also  said  it  will 
make  available  a  $6,000  upgrade 
kit  for  its  high-end  VSX  8000  group 


Mot  so  last 

Barriers  to  high-definition 
videoconferencing: 

•  Upgrade  to  high  definition 
capable  display  - 

Most  are  running  standard  television. 

•  Upgrade  to  high  definition  camera 

-  Most  appliances  have  standard- 
definition  cameras  built-in. 


•  Need  MD  mulHpoint  control  urt  - 

For  connecting  multiple  endpoints  in  an 
all  high-definition  call.  Polycom  is  the 
only  company  currently  offering  high- 
definition  support  in  an  MCU. 


•  Moretendwidth- 

Need  IM  to  3M  bIt/sec  for  a  single  call. 

•  Two-we^  street - 

The  other  end  of  the  call  needs  high 
definition  for  the  full  experience, 

SOURCE:  WAINHOUSE  RESEARCH 


conferencing  unit  in  the  second 
quarter  of  2006.The  kit  will  feature 
a  new  camera  and  accessories  to 
give  high-definition  capabilities  to 
existing  units. 

But  are  customers  ready  for  high 
definition? 

“HD  is  a  great  concept,  but  for  a 
company  of  our  size,  how  can  we 
afford  to  replace  370  video  units, 
some  with  dual  monitors, with  HD 
screens?  It’s  not  cost  effective,” said 
Stephen  Callaghan,  senior  video 
architect  at  Bristol-Myers  Squibb 
(BMS)  in  New  York.  “Plus,  band¬ 
width  may  be  cheap,  but  at  our 
size  and  the  fact  you  need  IM 
bit/sec,  that’s  a  lot  of  bandwidth. 
Our  biggest  call  has  100  users.” 

Callaghan  said  videoconferenc¬ 
ing  traffic  on  the  BMS  network 
takes  a  back  seat  to  drug  and  com¬ 
pany  financial  data.  BMS  runs  con¬ 
ferences  at  an  average  of  384K 
bit/sec,  which  is  three  times  the 
current  industry  standard  of  128K 


bit/sec,  he  added. 

Polycom  downplays  the  ad¬ 
vancement  as  well.  “HD  is  nice  to 
have,  but  we  don’t  think  it  will 
change  the  number  of  partici¬ 
pants”  in  the  market,  said  John 
Antanaitis,  senior  director  of  prod¬ 
uct  marketing  for  the  video  com¬ 
munications  division,  who  adds 
that  pipe  size  also  is  a  factor. 
“There’s  a  limit  on  bandwidth. 
Tandberg  is  claiming  3M  bit/sec 
on  a  call  and  we’re  going  to  start 
at  IM  bit/sec,  but  most  organiza¬ 
tions  won’t  have  that.” 

Antanaitis  said  early  adopters 
will  probably  be  in  the  Internet2 
community  educational  institu¬ 
tions  and  especially  healthcare, 
where  full-fidelity  images  are 
important  for  applications  such  as 
looking  at  a  skin  lesion  during  a 
telemedicine  session. 

Even  for  some  of  the  potential 
early  adopters,  bandwidth  could 
still  be  a  challenge.'TM  bit/sec  is 


all  of  our  T-1  connection,”  said 
Michael  Roscoe,  network  techni¬ 
cian  for  the  Eastern  Montana 
Telemedicine  Network  in  Billings, 
a  consortium  of  about  30  hospi- 
tals.“And  bandwidth  is  still  expen¬ 
sive  in  Montana.” 

In  a  May  2005  survey  Wainhouse 
Research  asked  416  users  what 
their  plans  were  for  high  defini¬ 
tion  and  47%  said  it  would  have 
little  or  no  impact.  Only  12%  said 
they  would  move. 

Why  the  Polycom  announce¬ 
ment  then?  Polycom  must  contin¬ 
ue  to  innovate  and  improve  quali¬ 
ty  analysts  say  And  other  vendors 
are  getting  involved  in  high  defini¬ 
tion.  Start-up  LifeSize  Communica¬ 
tions  is  scheduled  to  ship  end¬ 
points  with  high-definition  capa¬ 
bilities  this  year,  and  Codian  has  a 
high-definition  multipoint  control 
unit  in  the  works.There  is  now  no 
high-definition  endpoint  available 
from  major  manufacturers.  ■ 
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Juniper  gains  corp.  network  ground 

Company  sees  big  gains  in  key  enterprise  technology  areas. 


BY  JIM  DUFFY 

Juniper  last  week  offered  up 
fresh  evidence  that  its  enterprise 
networks  strategy  is  working,  as  it 
posted  third-quarter  financial 
results  that  included  security- 
product  sales  growth  nearly  dou¬ 
ble  that  of  competitors  over  the 
past  year. 

The  company  made  a  deter¬ 
mined  effort  to  enter  the  enter¬ 
prise  market  about  18  months 
ago,  with  the  $4  billion  acquisition 


BY  TIM  GREENE 

Juniper  Networks  this  week 
plans  to  unveil  a  policy  manage¬ 
ment  appliance,  a  key  piece  of  a 
secure  network  access  scheme 
designed  to  rival  those  of  Cisco 
and  Microsoft. 

The  major  difference  between 
Juniper’s  Infranet  strategy  and 
Cisco’s  Network  Admission  Con¬ 
trol  (NAC)  system  is  that  Cisco 
uses  switches  and  routers  to  deny 
access  to  unqualified  machines 
while  Juniper  relies  on  its  firewalls 
(though  says  it  will  use  other  ven¬ 
dors’  switches  over  time). 

Microsoft’s  Network  Access  Pro¬ 
tection  (NAP)  scheme  also  relies 
on  other  vendors’  gear  to  enforce 
policies  and,  like  Cisco’s  plan,  is 
supported  by  an  extensive  part¬ 
ner  program.  Other  vendors,  such 
as  Aventail,  Elemental  and  Sygate, 
offer  products  that  can  be  used  to 
control  network  access  without 
relying  on  network  hardware  for 
enforcement. 

Juniper’s  Infranet  architecture 
calls  for  placing  its  appliances, 
dubbed  Infranet  Controllers,  in  a 
network  where  computers  log¬ 
ging  on  can  reach  them  and  users 
can  authenticate  (see  graphic). 
The  devices  send  an  Infranet 
Agent  —  a  Java  applet  or  Active  X 
agent  —  down  to  the  computer  to 
scan  it  for  compliance  with  net¬ 
work  security  policies.  This 
includes  looking  for  updated 
virus  signatures,  software  patches 
and  the  like. 

Juniper  touts  its  architecture  as 
less  intrusive  than  Cisco’s  because 
it  overlays  security  on  LANs  with¬ 
out  requiring  costly  switch 
upgrades.  NAC  requires  that  Cisco 


of  leading  firewall  and  VPN  ven¬ 
dor  NetScreen.  Juniper’s  move 
perplexed  the  industry  at  the 
time,  because  CEO  Scott  Kriens 
pledged  in  2002  not  to  compete 
with  the  company’s  core  service 
provider  customers  by  also  selling 
routers  and  other  products  into 
the  enterprise  (www.network 
world.com,  DocFinder:  9525). 

But  Juniper  maintains  that  it 
always  sold  into  the  enterprise  via 
indirect  channels  even  before  the 


switches  be  brought  up  to  an 
acceptable  lOS  software  version. 
To  use  switches  as  enforcement 
points.  Juniper’s  Infranet  requires 
the  cooperation  of  other  vendors, 
which  may  prove  challenging  in 
the  case  of  Cisco.  Juniper  has  a 
partner  program  of  its  own  for  this 
purpose  and  is  working  with  the 
Trusted  Computing  Group  to 
develop  specifications  that  switch 
vendors  can  adopt  to  enable 
them  to  become  enforcement 
points. 

Because  Cisco  owns  more  than 
70%  of  the  switch  market. 
Juniper’s  Infranet  will  have  to 
work  its  way  into  Cisco  shops. 
Juniper  sells  no  switches  of  its 
own,  so  many  potential  Infranet 
customers  will  have  to  weigh 


NetScreen  acquisition. 

Enterprise  now  accounts  for 
one-third  of  Juniper’s  yearly  rev¬ 
enue  of  more  than  $2  billion, 
Kriens  said  last  week  during  a 
conference  call  to  discuss  third- 
quarter  results,  which  beat  analyst 
forecasts  on  both  revenue  and 
earnings  —  and  enterprise  prod¬ 
uct  sales,  which  were  up  17% 
sequentially“For  a  company  look¬ 
ing  to  get  into  the  enterprise, 
three-quarters  of  a  billion  dollars 


overla34ng  Juniper’s  firewalls  and 
Infranet  Controllers  vs.  upgrading 
their  switches  to  determine  what 
makes  the  best  security  and  finan¬ 
cial  sense,  says  Eric  Maiwald, 
senior  analyst  with  Burton  Group. 
Some  all-Cisco  shops  “say  yes  to 
NAC  but  say  it  may  take  a  white 
because  of  all  the  upgrades  they 
have  to  go  through,”  he  says,  and 
such  customers  may  view  Infranet 
as  an  interim  alternative. 

Compucredit,  an  Atlanta  finan¬ 
cial  firm,  tested  beta  models  of 
Infranet  Controller  as  a  way  to 
simplify  administration  of  end 
user  access  rights,  as  end  users 
move  from  location  to  location 
on  the  network,  says  Ben  Griffin, 
senior  network  and  systems  engi¬ 
neer  for  the  company.  Currently 


in  business  is  not  bad,”  Kriens 
quipped. 

Leading  into  the  third  quarter. 
Juniper’s  enterprise  business 
appeared  stalled.  Sequential  sales 
of  the  NetScreen  products  had 
fallen  below  analyst  expectations 
for  three  of  the  past  four  quarters. 

In  the  second  quarter,  for  exam¬ 
ple,  Juniper  experienced  soft 
security-product  sales  with  se¬ 
quential  quarterly  growth  of  only 
1.4%,  according  to  UBS  Warburg. 


end  user  rights  are  tied  to  sub¬ 
nets  and  virtual  LANs  (VLAN), 
which  requires  network  adminis¬ 
trators  to  intervene  when  an  end 
user  switches  desks.  He  found 
that  end  user  security  staff  rather 
than  network  infrastructure  staff 
could  handle  changes  on  the 
Infranet  Controller  without  hav¬ 
ing  to  tinker  with  the  structure  of 
VLANs  or  change  firewall  set¬ 
tings.  “That’s  a  30%  to  40%  time 
savings,”  Griffin  says. 

Juniper’s  Infranet  Controller 
comes  in  two  models,  the  IC  4000 
and  IC  6000.  The  4000  supports 
100  to  3,000  simultaneous  com¬ 
puters  and  costs  $25,000  to 
$160,000, while  the  6000  supports 
250  to  25,000  endpoints  and 
costs  $60,000  to  $390,000.  ■ 


UBS  points  out,  however,  that  the 
security  hardware  market  slowed 
in  the  fourth  quarter  of  2004  and 
the  first  quarter  of  2005. 

Nonetheless,  “Juniper  has  only 
achieved  our  estimate  for  security 
product  sales  in  one  of  the  four 
quarters  since  the  company  has 
acquired  NetScreen,”  wrote  UBS 
Analyst  Nikos  Theodosopoulos  in 
a  mid-September  bulletin. 

UBS  forecast  5%  sequential 
growth  in  security  for  Juniper  in 
the  third  quarter,  but  the  company 
had  an  8%  gain.  Even  more 
impressive  was  the  37%  year-over- 
year  growth  that  Juniper  says 
almost  doubled  the  growth  of  its 
“pure  play”  peer  group  security 
competitors  —  Check  Point  Soft¬ 
ware,  SonicWall  and  WatchGuard 
Technologies  —  over  the  same 
period. 

Cisco,  which  Juniper  does  not 
consider  to  be  in  its  pure  play 
security  peer  group,  because  it  in¬ 
cludes  sales  of  routers  with  inte¬ 
grated  security  had  25%  year-over¬ 
year  growth  in  security  sales  in  its 
fourth  quarter  that  ended  July  30. 

Juniper  scoffed  at  the  sober  pre¬ 
dictions  analysts  had  for  the  third 
quarter. 

“It  was  interesting  —  actually 
more  comical  —  watching  the  re¬ 
search  come  out,”  says  Jim  Dolce, 
Juniper’s  executive  vice  president 
of  worldwide  field  operations. 

The  enterprise  market  is  very 
seasonal,  he  says.  Year-over-year 
comparisons  provide  a  more 
accurate  indication  of  perfor¬ 
mance,  he  adds. 

Dolce  says  Juniper  is  pleased 
with  its  results  in  the  enterprise. 

Not  all  is  well 

Still,  there  look  to  be  some  lag¬ 
gards  in  Juniper’s  enterprise  port¬ 
folio,  which  includes  M-  and  J- 
series  routers,  and  the  application 
acceleration  and  WAN  optimiza¬ 
tion  products  acquired  midyear 
from  Redline  Networks  and  Peri- 
bit  Networks,  respective^ 

The  Tseries  routers,  which  have 
been  shipping  for  about  a  year, 
logged  $2  million  to  $3  million  in 
sales  in  the  third  quarter,  Kriens 
said.This  is  up  slightly  from  the  $1 
million  to  $2  million  in  sales  from 
the  first  two  quarters,  but  accounts 
for  less  than  1%  market  share  in 
See  Juniper,  page  16 


Net  access  control  on  tap  from  Juniper 


Security  system 

Juniper  is  introducing  Infranet  Controller,  a  policy  appliance  for  protecting  network  assets  from 
unauthorized  use. 

Authentjcalion  servers  Datacenter  ^ 


Q  A  user's  PC  connects  to  Infranet  Controller  and  logs  on.  The  Controller  checks  the  user's  credentials  against  authentication  databases  and 
receives  policy  information  about  the  user  and  his  machine. _ 

B  Infranet  Controller  assesses  whether  the  machine  accessing  the  network  meets  the  securily-confguration  policy  and  downloads  the  user's 
access  policy  to  a  Juniper  firewall,  which  acts  as  the  enforcement  point  for  the  policy. 

B  When  the  end  user  attempts  to  reach  resources  protected  by  a  firewall,  it  either  grants  or  denies  access  based  on  the  policy. 
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Smarter  disk-based  backup.  Pathlight  VX  is  the  scalable  backup  and  restore  solcttion  that  increases 
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Looking  at  disk-based 
backup  but  not  sure  how 
to  make  it  happen?  Get 
the  smarter  disk  backup 
solution — Pathlight^  VX 
from  ADIC,  the  leading 
provider  of  tape  libraries 
for  open-systems  backup.  * 


the  capacity  and  reduces  the  cost  of  disk  backup  by  integrating  disk  and  tape  in  a  single,  unified  system. 
Disk  gives  you  twice  the  backup  performance  of  conventional  libraries — and  even  faster  restore.  Tape 
delivers  scalability,  value,  secure  retention,  and  flexible  disaster  recovery.  You  get  the  best  of  both 
technologies  in  a  single  solution  that  slips  right  into  your  existing  backup  system. 


Clear  investment  protection.  With  Pathlight  VX,  you  can  boost  your  backup  and  restore  whether  you 
need  a  system  for  3.8  TB  or  3,000  TB — and  pay  a  lot  less  for  it.  You  can  even  use  your  own  tape  library 
as  part  of  the  system — tape  storage  can  be  supplied  by  one  of  ADIC's  intelligent  Scalar®  libraries,  or  by 
your  legacy  StorageTek  L-Series’"’  system. 


Room  to  grow,  smarts  to  save.  Pathlight  VX  delivers  all  the  performance  of  disk  and  the  fault  toler¬ 
ance  of  RAID,  but  it  also  scales  to  meet  enterprise  capacity  demands  and  grows  easily  with  your  data- 
and  it  can  cut  your  costs  in  half  or  more  compared  to  conventional  products.  ,  ,,  .v 


"Market  share  from  Gartner  Dataquesl,  Tape  Automation  Systems  Market  Shares,  2003,  F.  Yale,  April  2004. 
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by  W.  Curtis  Preston,  Evaluating  Disk-Based  Backup  Solutions. 


Intelligent  Storage™ 
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Gartner  event  focuses  on  security 


Security  spending  ...  So  in  order  to  save  money 

Gartner  says  IT  security  Gartner  recommends: 

spending  is  growing  faster  than  •  Make  rtemalarri  external  apfiato 
overall  IT  spending  . . .  increase  quafty  and  reduce  security  flaws. 

2004  vs.  2005  budgets 


BY  MICHAEL  COONEY 
AND  NEAL  WEINBERG 

LAKE  BUENAVISTA,  Fla.— With 
many  keeping  one  eye  on 
Hurricane  Wilma  churning  off 
the  coast,  6,000  IT  executives  last 
week  heard  Gartner  analysts 
offer  their  vision  on  everything 
from  security  trends  to  wireless 
network  directions. 

The  Gartner  Symposium  and  IT 
Expo  2005  also  brought  out  190 
vendors  and  included  keynote 
presentations  from  Microsoft 
CEO  Steve  Ballmer,  HP  CEO  Mark 
Hurd  and  Dell  CEO  Michael  Dell. 

Ballmer  said  he  believes  his 
company  has  ironed  out  all  of 
the  security  problems  in  its  forth¬ 
coming  Windows  Vista  operating 
system  so  that  users  can  consider 
adopting  it  the  first  day  it  is 
released  —  for  the  most  part. 

“Most  people  will  trust  it  from 
day  one  on  their  home  comput¬ 
er,  and  then  they  will  have  to 
decide  about  their  corporate 
[PC].  I  encourage  you  to  get  it 
early,  but  I  must  be  honest  among 
friends,”  Ballmer  said. 

In  a  wide-ranging  chat  with 
Gartner  analysts,  Ballmer  touched 
on  some  of  the  prominent  topics 
surrounding  Microsoft  this  year, 
including  its  all-out  effort  to 
improve  security  the  competitive 
threat  from  Linux  and  Google,  and 
delays  in  Vista. 

Formerly  known  by  its  Long¬ 
horn  code  name,  Vista  was  origi¬ 
nally  supposed  to  be  available  by 
now  as  an  ambitious  upgrade  to 
Windows  XP  It  was  supposed  to 
include  a  new  file  system  and  a 
new  presentation  surface,  among 
other  features,  but  Microsoft  was 
unable  to  make  sure  all  the  new 
components  would  interoperate 
in  time  for  its  current  launch 
date,  the  second  half  of  next  year, 
Ballmer  said.  Instead,  Microsoft 
decided  to  roll  out  those  compo¬ 
nents  over  time  after  the  launch. 
This  also  gives  the  company’s 
developers  time  to  run  code 
through  tools  designed  to  probe 
for  security  weaknesses,  Ballmer 
said.“We  are  in  the  middle  of  the 
best  pipeline  of  products  we’ve 
ever  had.” 

The  security  concern 

But  Microsoft’s  security  issues 
weren’t  the  only  safety  chal¬ 
lenges  that  attracted  attention. 

Once  books  close  on  2005, 


spending  on  security  is  expected 
to  have  increased  16%  annually 
over  the  past  two  years,  or  four 
times  the  rate  of  overall  IT  spend- 
ing.That  security  splurge  is  unsus¬ 
tainable  for  most  customers,  said 
Gartner  Vice  President  John 
Pescatore. 

To  get  more  secure  and  spend 
less,  companies  should  focus  on 
process,  not  products,  said  Neil 
MacDonald,  vice  president  at 
Gartner.  “Businesses  should  in¬ 
crease  the  efficiency  of  the  secu¬ 
rity  program  either  by  reducing 
the  percentage  of  revenue  that 
goes  toward  security  spending  or 
increasing  the  amount  of  protec¬ 
tion  from  established  security 
spending  levels.  And  also  in¬ 
crease  the  effectiveness  of  the 
security  program,  reducing  the 
number  of  successful  incidents 
or  providing  security  controls 
that  don’t  interfere  with  business 
missions.” 

Pescatore  added  that  network- 
based  intrusion-prevention  sys¬ 
tems  (IPS)  are  mature  and 
should  be  deployed. On  the  other 
hand,  he  did  not  recommend  the 


widespread  use  of  host-based 
IPS,  because  it’s  more  difficult  to 
control  what’s  happening  at  the 
desktop  level. 

He  added  that  the  new  breed  of 
all-in-one  security  devices  could 
be  a  good  fit  for  small  or  midsize 
businesses  or  for  remote  offices 
or  retail  branches  of  a  large  com¬ 
pany,  but  said  all-in-one  appli¬ 
ances  don’t  have  the  perfor¬ 
mance  to  handle  security  for  a 
large  corporate  headquarters. 

Companies  should  have  anti¬ 
spyware  software  on  every  desk¬ 
top,  but  customers  should  not 
pay  extra  for  it,  MacDonald  said. 
They  should  demand  that  their 
existing  desktop  anti-virus  ven¬ 
dor  simply  add  anti-spyware  as 
an  additional  feature. 

The  changing  face  of  IT 

In  the  area  of  compliance,  ana¬ 
lyst  John  Bace  presented  re¬ 
search  showing  that  compliance- 
related  activities  eat  up  a  huge 
chunk  of  IT  budgets.  In  a  Gartner 
survey  of  900  CIOs,  respondents 
said  they’re  planning  to  allocate 
See  Gartner,  page  12 
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•  Don't  let  routine  matters  be  performed 
by  expensive  security  staff.  Focus  on 
new  threats. 

•  BiSd  a  Security  Immune  %stem:  Add  aiotfier 
layer  of  "skin”  and  make  your  network 
service  providers  give  you  dean  Pipes. 

•  Use  miiiple  s^les  of  protection  on  the 
network  and  hosts. 

•  Network-based  IPS;  host-based  IPS  on  al 
servers  and  laptops,  indudig  bdiat^ 
simulation  and  behavioral  monitor!^. 

•  Start  lab  testing  emerging  desktop  and 
server  virtualization  techniques.  These 
offer  new  protection  capabiities  and 
open  new  security  vulnerabilities.  You 
need  to  understand  both. 

•  Don't  buy  point  products  for  each  new  threat; 
newer  conveiged  platforms  are  capable  of 
"learning"  new  threats. 


School  nixes  malware  with  open  source 


BY  JOHN  COX 

ORLANDO  —  A  team  of  IT  staffers  at  the 
University  of  Indianapolis  last  week  showed 
off  a  bundle  of  open  source  tools  and  scripts 
it  uses  to  trap  and  isolate  PCs  infected  by 
viruses  or  spyware. 

Dubbed  Shelob,  after  the  sinister  giant  spider 
in  J.R.R.  Tolkien’s  “Lord  of  the  Rings,”  the  soft¬ 
ware  identifies  suspect  traffic  patterns,  identi¬ 
fies  the  computers  involved  and  then  shunts 
them  to  a  closed  virtual  LAN.  Users  get  an 
appropriate  Web  screen,  explaining  what’s 
happened  and  how  to  fix  their  PC  or  whom  to 
call  for  help. 

Shelob’s  inner  workings  were  shown  off  last 
week  in  Orlando,  Fla.,  at  Educause,the  annual 
user  conference  for  IT  professionals  in  higher 
education. 

The  school  says  that  since  being  rapidly 
thrown  together  during  the  Blaster  worm  out¬ 
break  of  2003,  Shelob  has  helped  to  keep  it 
free  of  network  or  service  outages  related  to 
virus  infections.  One  limitation  is  it  works  only 
with  clients  that  are  plugged  directly  into  the 
LAN,  not  wireless  devices. 

Shelob’s  creators  are  Shawn  Austin,  Matt 
Wilson  and  Steve  Corbin,  all  at  the  university. 
Currently  Shelob  is  not  publicly  available,  but 
that  could  change  as  early  as  this  week,says 
Wilson,  who  is  the  school’s  network  manager. 


To  detect  traffic  anomalies,  Austin  says,  the 
team  wrote  plug-ins  for  three  open  source  pro¬ 
grams  —  Snort,  an  intrusion-detection  pro¬ 
gram;  Amavisd,  an  interface  between  message 
transfer  agents  and  various  content  checking 
programs;  and  NMARa  network  scanner. A  tool 
called  Bleeding  Snort  keeps  Snort’s  virus  sig¬ 
natures  updated  daily 

Using  the  output  from  these  programs, 
Shelob  populates  a  MySQL  database  table 
with  a  list  of  media  access  control  addresses 
and  other  identifiers. 

Shelob  integrates  with  the  school’s  own  ver¬ 
sion  of  the  open  source  NetReg  application, 
which  is  used  to  register  an  unknown  DHCP 
client  before  it’s  granted  full  network  access. 
When  Shelob  identifies  an  infected  PC,  NetReg 
assigns  it  a  new  IP  address.  Then,  OpenVMPS 
(an  open  source  version  of  Cisco’s  VLAN  Mem¬ 
bership  Policy  Server)  reassigns  the  port  to 
which  the  PC  is  connected  to  a  virtual  LAN 
that  contains  only  other  infected  computers. 

Shelob  then  redirects  the  PC’s  DNS  lookup 
requests  to  a  Web  server,  which  then  delivers  a 
page  that  tells  the  end  user  about  the  infec¬ 
tion  and  tells  how  to  clean  it.  The  same  Web 
page  can  be  used  to  distribute  McAfee’s 
VirusScan,  virus  definition  files  and  Windows 
updates  or  patches. 

The  PC  is  quarantined  on  the  VLAN  until 


the  virus  is  killed  or  the  spyware  activity  on 
the  PC  stops. 

False  positives  occur,  but  they’re  fairly  rare 
(about  one  in  every  50  or  60  quarantined 
PCs),  Austin  says.  Creating  a  Snort  rule  for  a 
new  virus  can  take  time.  But  once  Shelob 
has  been  “fed”  with  the  new  rule,  its  web 
quickly  picks  up  the  infected  PCs. 

Shelob’s  creators  are  considering  using 
the  school’s  Windows  Software  Update 
Server  to  report  which  PCs  have  checked  in, 
or  not,  for  the  latest  updates.  Any  PC  that  has 
not  checked  in  for,  say,  30  days,  would  be 
forced  to  Shelob’s  web,  where  the  end  user 
would  have  to  update  Windows  before 
being  allowed  to  escape.  Shelob  also  could 
be  used  to  isolate  users  who  are  violating 
copyright  laws,  including  those  identified 
by  the  Recording  Industry  Association  of 
America.  ■ 
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Virus  catcher 

Check  out  an  example  of  Shelob  in  action  in  this  alert  to 
University  of  Indianapolis  students. 
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Tech  stalwarts  buy  into  XML  gear 


BY  ANN  BEDNARZ 

Big  vendors  are  taking  notice  of 
enterprise  demand  for  dedicated 
hardware  to  handle  the  onslaught 
of  XML  traffic  generated  by  ser- 
vices-based  applications. 

The  latest  to  make  a  move  is 
IBM,  which  last  week  paid  an 
undisclosed  sum  —  rumored  to 
be  more  than  $100  million  —  to 
acquire  privately  held  DataFbwer. 
IBM’s  acquisition  follows  Intel’s 
August  purchase  of  Sarvega, 
which  like  DataPower,  makes 
appliances  for  handling  XML  and 
Web  services  traffic. 

Cisco  also  has  turned  its  atten¬ 
tion  to  more  intelligent-applica¬ 
tion  routing.The  company  in  June 
announced  its  Application-Ori¬ 
ented  Networking  (AON)  product 
line,  which  includes  a  module  for 
the  Catalyst  6500  switch  that  pars¬ 
es  and  secures  XML  and  other 
message-based  traffic.  The  Cisco 
gear  incorporates  technology 
from  Intel-spinout  Tarari,  which 
makes  XML-acceleration  chipsets. 

The  market  for  XML-aware  net¬ 
work  gear  took  hold  a  few  years 
ago,  when  users  began  to  realize 
that  processing  bulky  XML  mes¬ 
sages  could  eat  nearly  80%  of 


server  processing  power  if  it  was 
done  with  traditional  application 
server  software.  As  more  compa¬ 
nies  consider  developing  service- 
oriented  architectures  (SOA),  IT 
executives  are  weighing  the  net¬ 
work  implications  of  introducing 
XML-heavy  application  traffic, 
says  Ron  Schmelzer,a  senior  ana¬ 
lyst  at  ZapThink. 

“A  lot  of  the  network  operations 
and  data  center  people  are  say¬ 
ing,  ‘OK,  great,  make  this  SOA 
decision,  but  don’t  impose  a 
huge  burden  on  this  network  that 
1  have  to  protect.’  They  may  be 
demanding  performance  solu¬ 
tions  even  before  some  of  these 
SOA  projects  get  off  the  ground,” 
Schmelzer  says. 

DataFbwer  is  among  a  handful 
of  start-ups  that  shaped  the  mar¬ 
ket  for  XML  appliances.  Others 
include  Fomm  Systems,  Reactivity, 
Sarvega  and  Westb ridge.  New¬ 
comers  include  Solace  Systems, 
which  in  y^ril  unveiled  message¬ 
routing  product,  and  Xambala, 
which  is  working  on  content- 
aware  processing  technology 

IBM  says  DataPower’s  appli¬ 
ances  will  help  its  customers  with 
their  efforts  to  deploy  SOAs.  Big 


Active  market 

IBM  isn’t  the  only  vendor  interested  in  XML  appliances.  Here 
are  some  of  the  latest  industry  events. 


Date 

Event 

SianHIcance 

October  2005 

IBM  buys  DataPower 

Purchase  adds  XML  appliances  to  IBM's 
WebSphere  family. 

August  2005 

Intel  acquires  Sarvega 

Sarvega's  engine  for  XML  processing  and 
security  will  enhance  Intel's  chipset  and 
network  adapters. 

June  2005 

Cisco  unveils  AON  line 

New  modules  incorporate  technology  from 
Tarari,  which  makes  XML  acceleration  ^ipsets. 

Blue  plans  to  develop  a  family  of 
SOA  appliances  based  on  the 
DataPower  technology  which  it’s 
adding  to  its  WebSphere  software 
area,  says  Robert  LeBlanc,  IBM’s 
general  manager  of  WebSphere. 
DataPower’s  70  employees  will 
join  IBM,  and  there  are  more  hires 
on  the  horizon,  LeBlanc  says. 

“If  you  look  at  all  that  SOA 
entails  —  there’s  security  there’s 
management,  there’s  process 
management,”  LeBlanc  says.'All  of 
the  things  that  make  up  an  SOA 
environment  are  candidates  to  be 
integrated  on  top  of  an  appliance. 
We’re  going  to  look  at  all  of  those 
opportunities  to  extend  the  func¬ 


tionality  that  DataFbwer  provides 

today 

IBM  plans  to  develop  new  prod¬ 
ucts,  such  as  a  blade  version  of 
DataFbwer’s  appliances,  which 
today  are  lU  rack-mounted  de¬ 
vices.  DataPower’s  products  in¬ 
clude  the  XI50  Integration  Device, 
which  streamlines  SOA  infrastmc- 
tures;  the  XA35  XML  Accelerator, 
which  offloads  XML  processing: 
and  the  XS40  XML  Security 
Gateway  which  helps  provide  mes¬ 
sage-level  Web  services  security 

In  the  past  IBM  has  focused  on 
the  software  and  professional  ser¬ 
vices  side  of  SOA,  “and  this 
announcement  shows  that  hard¬ 


ware  and  network  appliances  play 
an  equal  role  in  making  an  SOA  a 
reali^’ Schmelzer  says.The  acquisi¬ 
tion  puts  pressure  on  other  infra- 
stmcture  platform  vendors,such  as 
BEA  Systems  and  Oracle,  to  broad¬ 
en  their  software-  and  servicescen- 
tric  SOA  coverage,  he  says. 

IBM  wasn’t  the  only  vendor 
interested  in  acquiring  Data¬ 
Power,  but  it  was  the  best  fit, 
according  to  Jeff  Fagnan,  a  part¬ 
ner  at  Atlas  Venture.  (Fagnan  was 
an  original  investor  in  DataFbwer 
while  with  Seed  Capital  Partners 
and  led  the  company’s  C  round  of 
funding  six  months  ago  while 
with  Atlas.) 

“IBM  was  the  best  potential 
partner  given  its  leadership  in 
the  middleware  space  and  its 
thinking  about  SOA,”  Fagnan 
says.  DataPower  wasn’t  prof¬ 
itable  but  has  been  growing  fast. 
“The  company  and  the  whole 
market  has  really  been  on  fire  in 
terms  of  growth  over  the  past 
year  or  so.  DataFbwer  has  seen 
50%  quarter-over-quarter  rev¬ 
enue  growth  of  late,”  Fagnan 
says.  “Despite  that,  the  offer  was 
too  good  for  the  board  and  man¬ 
agement  to  refuse.”  ■ 


Gartner 

continued  from  page  10 

1 1%  of  their  total  project  budget  to  com¬ 
pliance,  and  that’s  expected  to  hit  14% 
by  2009. 

Several  analysts  tried  to  predict  how  the 
IT  function  will  be  changing  over  the  next 
several  years.  Diane  Morello  suggested 
that  IT  professionals  need  to  become 
more  versatile.  Morello  identified  four 
areas  of  expertise  that  will  be  vital  for  IT 
professionals  in  the  next  few  years:  tech¬ 
nology  infrastructure  services,  informa¬ 
tion  design  and  management,  process 
design  and  management,  and  relationship 
and  sourcing  management. 

She  said  IT  professionals  will  need  to 
move  beyond  simply  helping  the  busi¬ 
ness  achieve  its  goals  by  providing  the 
underlying  infrastructure.  They  need  to 
drive  the  business  forward  by  proposing 
ways  that  technology  and  technology- 
enabled  applications  can  cut  costs  and 
increase  revenue. 

More  specifically,  she  encouraged  IT 
executives  in  the  audience  to  go  back  to 
their  companies  and  develop  new  mobile 
and  wireless  applications  and  services  or 
design  reusable  software  components  or 
figure  out  new  ways  to  make  use  of 


unstructured  data. 

Morello  recommended  that  people  start 
on  the  road  to  becoming  a  “versatilist”  by 
getting  involved  with  groups  outside  of  IX 
learning  about  other  disciplines,  such  as 
financial  analysis,  and  building  a  strong 
network  that  includes  people  inside  the 
company,  as  well  as  external  customers 
and  partners. 

Hurd  says  HP  on  the  right  track 

Convincing  customers  and  partners  HP 
is  on  the  right  track  were  the  main  points 
of  HP’s  Hurd. 

Hurd  tried  to  deflect  rumors  that  the 
company  would  soon  sell  one  or  two  divi¬ 
sions  —  namely  its  printer  and  network 
divisions.  Hurd  said  HP  would  focus  on  its 
core  products  lines  and  wouldn’t  spin  off 
any  divisions. 

Hurd  said  he  is  committed  to  HP’s  adap¬ 
tive  enterprise  framework,  developed  by 
his  predecessor,  Carly  Fiorina.  But  he  was 
critical  of  the  management  structure  that 
grew  during  her  nearly  six-year  tenure. 

It  was  a  management  process  that  “at  its 
lunatic  conclusion”  had  the  CEO  acting  as 
a  tiebreaker  in  pricing  disagreements  be¬ 
tween  the  product  group  and  a  customer¬ 
facing  group,  Hurd  said.  “After  careful 
analysis,  1  determined  it  was  a  bad 


model,”  he  said,  to  audience  chuckles. 

Beyond  the  keynote  addresses  and  ses¬ 
sion  information,  Gartner  analysts  made 
many  key  prognostications.Those  include: 

•  Customers  should  watch  for  the  next 
generation  of  firewalls  —  expected 
around  2007  —  to  combine  traditional 
firewall  protection  plus  intrusion  preven¬ 
tion  and  other  more  advanced  features. 
“Integrating  these  functions,  which  are 
largely  separate  boxes  today  will  be  an 
important  step  for  users,”  Ftescatore  said. 
“It’s  very  likely  that  vendors  who  haven’t 
done  anything  with  IPS  in  the  past  [will] 
use  it  in  these  next  generation  firewalls  to 
climb  into  the  enterprise  arena.” 

•  The  many  wireless  networks  make  it 
difficult  for  users  to  move  seamlessly 
between  the  different  wired  and  wireless 
networks.  Wi-Fi  and  wired  LANs  will  be 
the  first  to  come  together  as  Wi-Fi  con¬ 
trollers  integrated  in  Ethernet  switches. 
Cellular  sets  with  Wi-Fi  radios  will  enable 
users  to  choose  Wi-Fi  for  bandwidth¬ 
intensive  data  applications.  Wi-Fi  roam¬ 
ing,  QoS  and  power  management  will  be 
required  for  true  voice  over  Wi-Fi.  The 
emergence  of  WiMAX  will  make  fixed 
wireless  access  close  in  speed  to  wired 
alternatives.  The  use  of  unified  memory 
architecture  technologies  will  allow 


Global  System  for  Mobile  Communi¬ 
cations  and  code  division  multiple- 
access  voice  traffic  to  be  transported 
over  Wi-Fi  networks.  IP  Multimedia 
Subsystem  will  permit  the  convergence 
of  wired  and  wireless  service  provider 
backbone  networks,  making  the  delivery 
of  services  applications  and  content 
available  on  either  network. 

•  Virtualization  technologies  will  in¬ 
crease  the  ability  to  effectively  consoli¬ 
date  larger  resources.  Virtualization  also 
will  make  distributed  resources  easier  to 
manage,  reprovision  and  use  efficiently 
Several  changes  will  make  virtualization 
critical  to  most  companies  in  the  next  few 
years:  processor  capability  has  outpaced 
the  performance  requirements  of  many 
applications,  and  performance  is  relative¬ 
ly  inexpensive,  making  overhead  of  a  vir¬ 
tualization  layer  a  non-issue.  While  pro¬ 
cessing  power  is  becoming  less  expen¬ 
sive,  space,  power,  installation,  integration 
and  administration  are  not  inexpensive  — 
and  cost  the  same  whether  a  resource  is 
10%  or  90%  utilized. The  greatest  inhibitor 
to  any  form  of  server  virtualization  is  soft¬ 
ware  pricing  and  licensing. 

Tom  Krazit  of  the  IDG  New  Service  con¬ 
tributed  to  this  report. 
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EMC  enters  continuous  data  protection  fray 


Making  a  lull  recovery 


EMC's  continuous  data  protection  software  is  designed  to 
help  companies  recover  data  from  databases  and  files  on  a 
network. 
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BY  DENI  CONNOR 

EMC  this  week  is  expected  to 
announce  its  entry  into  the  con¬ 
tinuous  data  protection  market, 
an  increasingly  crowded  field 
populated  with  big  names  such  as 
HP  and  IBM,  plus  a  host  of  smaller 
compani^. 

EMC  will  use  the  Storage  Net¬ 
working  World  conference  in 
Orlando  to  introduce  its  Recover- 
Fbint,  which  is  based  on  technolo¬ 
gy  supplied  by  Mendocino  Soft¬ 
ware.  Other  companies,  including 
Availl  (see  Short  Takes,  page  23), 
FilesX  and  StorServer,  also  plan  to 
show  off  CDP  products. 

The  EMC  software  is  designed 
to  help  customers  continuously 
back  up  data,  as  well  as  instantly 
recover  files  and  transaction-ori¬ 
ented  data. 

RecoverPoint,  which  runs  on  a 
Linux  server,  will  save  and  recover 
data  on  any  EMC,  HP  IBM  or 
Hitachi  array  EMC  says.  It  supports 


Sun  Solaris,  Windows  2003,  and 
Oracle  and  SQL  Server  databases. 

RecoverPoint  differs  from  some 
other  products  on  the  market  be¬ 


cause  it  can  be  used  to  back  up 
both  file  and  database  data  to 
disk.  Other  products,  such  as 
Symantec’s  Backup  Exec  lOd  for 


Windows  Servers  and  LiveState 
Recovery  6.0,  IBM’s  Tivoli  Data 
Protection  for  Files  and  Micro¬ 
soft’s  Systems  Data  Protection 
Manager,  only  back  up  files  creat¬ 
ed  on  a  network. 

EMC  is  not  the  first  big-name 
company  to  look  to  Mendocino 
for  CDP  technology  HP  last  week 
announced  it  has  agreed  to  resell 
Mendocino’s  RecoveryOne  soft¬ 
ware. 

EMC  plans  to  expand  the  enter¬ 
prise  focus  of  RecoverPoint  in  the 
first  half  of  2006  with  support  for 
Microsoft  Exchange  and  IBM’s 
DB2,  as  well  as  host  operating  sys¬ 
tems  AIX,  HP-UX,  Linux  and 
Windows  2000.  RecoverPoint 
costs  $75,000. 

Also,  FilesX  has  announced 
CDP  on  Demand,  software  that 
can  be  used  to  restore  Microsoft 
Exchange,  Word  and  SQL  Server 
files,  and  that  allows  regularly 
scheduled  snapshots  of  data  to 


be  taken.  Unlike  Microsoft’s 
System  Data  Protection  Manager, 
CDP  on  Demand  allows  for 
unlimited  snapshots.  The  soft¬ 
ware  is  available  as  part  of 
FilesX’s  Xpress  Restore,  which 
starts  at  $10,000. 

Also  at  the  show,  StorServer  is 
expected  to  introduce  a  CDP 
option  for  its  storage  appliances 
that  works  with  IBM’s  Tivoli  Con¬ 
tinuous  Data  Protection  for  Files. 
The  application  enables  users  to 
protect  data  on  their  laptops, 
desktops  and  file  servers  by  back¬ 
ing  it  up  to  multiple  locations,  in¬ 
cluding  those  with  StorServer 
Appliances.  The  boxes  start  at 
$3,500;  CDP  coverage  costs  $35 
per  laptop  or  desktop  and  $995 
per  server.  ■ 
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Banking 

continued  from  page  1 

evaluating  banks  for  compliance 
to  the  new  guidelines  in  2007. 

The  FFIEC,  which  includes  the 
Federal  Reserve  System,  the  Fed¬ 
eral  Deposit  Insurance  Corp. 
and  the  National  Credit  Union 
Administration,  says  it  considers 
single-factor  authentication 
alone  “to  be  inadequate  for 
high-risk  transactions  involving 
access  to  customer  information 
or  the  movement  of  funds  to 
other  parties.” 

In  security  parlance,  factors  are 
considered  to  be  something  you 
know,  such  as  a  password;  some¬ 
thing  you  have,  such  as  a  hard¬ 
ware  token;  and  something  you 
are,  such  as  the  unique  print  of 
your  finger  or  the  iris  of  your  eye. 

The  FFIEC  guidance  lists  a 
variety  of  factor  possibilities, 
including  USB  token  hardware, 
smart  cards,  password-generat¬ 
ing  tokens,  as  well  as  an  assort¬ 
ment  of  biometrics.  The  FFIEC 
says  it  doesn’t  favor  any  particu¬ 
lar  method. 

Banks  and  credit  unions  are 
starting  to  adopt  stronger  authen¬ 
tication,  but  are  far  from  handing 
out  tokens  and  capturing  finger¬ 
prints  and  facial  scans. 

Bank  of  America,  for  example, 
is  close  to  completing  its  nation¬ 
wide  rollout  of  SiteKey,  based  on 
technology  from  Passmark 
Security,  which  asks  the  online 
customer  to  select  an  image 
and  personal  phrases  to  share 


identity  dieck 

The  Federal  Financial 
Institutions  Examination 
Council  has  indicated  it 
\A/ants  financial  institutions 
to  make  use  of  more  than 
just  a  “single-factor"  for 
authenticating  customer 
identity  in  Internet  banking. 
Here  are  three  most 
commonly  recognized 
“factors"  for 
authentication: 

•  Something  you  know 

Password,  personal  identification 
number,  shared  secrets. 

•  Something  you  have 

Automated  teller  machine  card, 
smart  card,  one-time  password 
token. 

•  Something  yon  are 

Biometric  characteristic,  such  as 
a  fingerprint. 


in  challenge-and-response  fash¬ 
ion.  This  validates  the  bank’s 
Web  site  is  real  and  is  an  extra 
measure  of  security  if  a  cus¬ 
tomer’s  ID  and  password  are 
stolen. 

“At  first  we  considered  it  an 
option  for  customers  but  now 
we’ve  decided  to  make  it  a  req¬ 
uirement,"  says  Sanjay  Gupta, 
e-commerce  executive  at  Bank  of 
America.“We  want  our  customers 
to  have  strong  protection." 

But  few  banks  have  adopted 
hardware  tokens  or  biometrics 


for  widespread  use  in  Internet 
banking. 

U.S.  Bancorp  uses  VeriSign’s 
tokens  in  its  high-end  commercial 
banking  operations.  Tokens  are  in 
more  prevalent  use  among  Euro¬ 
pean  banks,  such  as  Credit  Suisse 
Group  and  Netherlands-based 
bank  Rabba. 

“Banks  are  already  moving  be¬ 
yond  just  passwords  for  consumer 
confidence,”  says  Gartner  analyst 
Avivah  Litan.  “But  the  last  thing 
banks  want  to  do  is  provision 
tokens  and  biometrics.”  Cost  is  the 
primary  inhibitor,  she  says. 

There  are  also  concerns  that 
consumers  may  object  to  using 
tokens.  A  Gartner  survey  of  con¬ 
sumers  earlier  this  year  found 
hardware  tokens  to  be  an  unpop¬ 
ular  idea. 

However,  some  banks  are  forg¬ 
ing  ahead  with  distribution  of 
security  tokens.  American  Bank, 
which  has  about  $527  million  in 
assets  and  20,000  customers,  this 
July  began  offering  the  RSA 
SecurlD  token  for  generating  one¬ 
time  passwords  to  online  banking 
customers. 

American  Bank,  of  Allentown, 
Pa.,  is  suggesting,  but  not  requir¬ 
ing,  that  customers  use  them  for 
online  banking,  says  Bob  Turner, 
CIO  at  the  bank.“It’s  voluntaryAnd 
we’ve  decided  not  to  charge  them 
for  it  for  the  first  three  years.” 
Turner  estimates  that  subsidizing 
the  tokens  costs  the  bank  about 
$25  per  user. 

About  10%  of  7,000  customers 
who  bank  online  use  the  RSA 


SecurlD  token,Turner  says. 

‘A  few  of  them  have  come  back 
with  comments  that  were  nega¬ 
tive,”  he  says. “Some  resist  the  tech¬ 
nology  because  of  the  inconve¬ 
nience  they  perceive  it  as  having. 
Some  found  it  cumbersome  and 
don’t  want  to  carry  it  around, 
especially  if  they  use  other  tokens 
in  their  job.” 

The  bank  explains  to  its  cus¬ 
tomers  that  it’s  not  adopting  this 
one-time  password  technology 
because  of  a  security  breach  but 
because  it’s  considered  better 
authentication  than  changeable, 
static  passwords,  which  can  be 
easily  compromised  when  shared 
or  stolen. 

RSA  SecurlD  tokens  are  starting 
to  have  an  influence  on  how 
bank  transaction  services  are  pro¬ 
vided  at  American  Bank’s  online 
site, Turner  says. 

The  bank  also  has  made  use  of 
challenge-response  questions  on 
its  site  before  completing  certain 
types  of  funds  transfers.  When  cus¬ 
tomers  are  making  use  of  SecurlD 
as  the  authentication  means,  the 
site  doesn’t  require  the  challenge- 
response  mechanism  because 
security  is  considered  better. 

Turner  says  he  didn’t  know  the 
FFIEC  would  issue  guidelines  call¬ 
ing  for  adoption  of  strong  authen¬ 
tication  for  high-risk  transactions. 
But  he  says  auditors  that  inspect 
the  banks  had  talked  about  the 
possibility  of  new  online  banking 
guidelines  this  year. 

Some  security  experts  are  skep¬ 
tical  about  the  FFIEC’s  admoni¬ 
tion  that  there’s  great  value  in  giv¬ 
ing  consumers  two-factor  tech¬ 
nologies,  such  as  password^ener- 
ation  hardware  tokens,  to  stop  the 
problems  of  online  fraud  and 
identity  theft. 

"Two-factor  authentication  isn’t 
our  saviorj*  says  Bruce  Schneier, 
CTO  and  founder  of  Counterpane 
Internet  Security 

Schneier  says  it’s  of  little  use 
against  man-in-the-middle 
attacks,  such  as  the  case  where 
an  attacker  installs  a  malicious 
Trojan  on  the  user’s  desktop  and 
then  piggybacks  into  the  session 
on  the  bank’s  Web  site. 

“His  statement  is  accurate,  and 
it’s  not  a  panacea,”  says  George 
Rapp,  vice  president  of  IT  at  West 
Stonebridge  Bank,  which  this 
summer  began  distributing  RSA 
SecurlD  tokens  to  online  cus¬ 
tomers.  Free  for  the  first  year,  the 
Chester,  Pa.,  bank  is  charging  $25 
thereafter.  “It  does  make  my  cus¬ 
tomers  more  secure.”* 


Nortel  eyes  Motorola  COO  as  next  CEO 


BY  JIM  DUFFY 

Nortel  last  Monday  surprised  the  industry  by  an¬ 
nouncing  that  CEO  Bill  Owens  will  leave  in  mid- 
November  and  be  replaced  by  Motorola  President 
and  COO  Mike  Zafirovski. 

But  not  so  surprising  given  Nortel’s  track  record 
over  the  past  few  years,  the  move  might  not  go 
smoothly.  Motorola  filed  a  lawsuit  the  next  day 
against  Zafirovski  seeking  to  prevent  him  from  taking 
the  new  job,  based  on  an  alleged  breach  of  non-com- 
pete  agreements. 

Owens’  retirement  caught  industry  watchers  off¬ 
guard  in  that  the  65-year-old  ex-vice  chairman  of  the 
Joint  Chiefs  of  Staff  recently  indicated  that  he  intend¬ 
ed  to  remain  CEO  after  leading  Nortel  through  a 
financial  scandal  and  refocusing  the  company  on  its 
enterprise  network  operations. 

Owens  became  CEO  after  Nortel  fired  then-CEO 
Frank  Dunn  in  April  2004  upon  determining  he 
helped  orchestrate  Nortel’s  bogus  accounting,  which 
forced  the  company  to  restate  years  of  earnings. 

During  a  Webcast  press  conference,  Owens  said  he 
was  not  asked  to  step  down.  He  said  he  “openly  and 


willingly”  participated  in  the  executive  search  for  his 
replacement,  which  began  after  the  company’s 
annual  shareholder  meeting  in  June. 

Zafirovski,  51,  has  a  30-year  career  of  leadership 
with  two  of  the  world’s  highest-profile  corporations. 
General  Electric  and  Motorola. 

“Zafirovski  is  well  respected  by  the  street,  and 
seen  as  a  competent  manager  in  the  telecom  in¬ 
dustry”  wrote  UBS  Warburg  Analyst  Nikos 
Theodosopoulos  in  a  bulletin. “Nortel  has  been  in 
need  of  telecom  and  operational  experience  in  the 
top  role.” 

Ramesh  Kapoor,  CIO  for  the  public  school  system 
in  Virginia  Beach,  Va.,  says  he’s  looking  forward  to 
new  leadership  at  Nortel.  Kapoor  says  the  school 
district  has  had  some  problems  with  Nortel’s 
Business  Communications  Manager  VoIP  gear  and 
he  has  not  been  satisfied  with  Nortel’s  support. 
Kapoor  says  he  hopes  Zafirovski  will  bring  new 
direction  to  Nortel. 

Features  Editor  Neal  Weinberg  contributed  to  this 
report. 
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Cisco 

continued  from  page  1 

signals  with  an  IP  infrastructure. 

“[IPICS]  is  not  a  communica¬ 
tions  system  in  itself;  it’s  something 
that  enables  disparate  communi¬ 
cation  systems  out  there  to  work 
together  in  an  IP  format,” says  Brad 
Curran,  an  industry  analyst  with 
Frost  and  Sullivan  who  tracks  gov¬ 
ernment  and  military  communi¬ 
cations  technology  industries. 
“After  [Hurricane]  Katrina,  we  saw 
what  a  mess  communications 
were.  You  had  a  lot  of  outside 
agencies  coming  in  and  it  was  dif¬ 
ficult  for  them  to  all  communi¬ 
cate.  Something  like  [IPICS]  would 
have  helped  a  lot.” 

IPICS  was  developed  by  the 
newly  formed  Safety,  Security 
Systems  Business  Unit. 

Cisco  is  billing  this  effort  as 
another  of  its  emerging  technol¬ 
ogy  areas,  similar  to  the  launch 
in  June  of  its  Application 
Oriented  Networking  (AON) 
business  unit.  At  the  time  of  that 
launch,  Cisco  CEO  John 
Chambers  said  the  company 
would  announce  a  new  emerg¬ 
ing  technology  every  quarter 
over  its  next  fiscal  year.  (In  Cisco- 
speak,  emerging  technologies 
are  different  from  its  six  ad¬ 
vanced  technologies  —  enter¬ 
prise  Voiphome  networking,  opti¬ 
cal,  security,  storage  networking 
and  wireless  LAN.  Chambers  has 
targeted  each  as  an  eventual  bil¬ 


lion-dollar  revenue  source). 

IPICS  software  runs  on  a  Linux- 
based  server  and  provides  opera¬ 
tors  with  an  application  interface 
that  lets  them  control  all  commu¬ 
nications  links  on  the  network. 

An  IPICS  server  acts  as  a  cen¬ 
tral  switchboard  for  any  type  of 
communication  that  comes  into 
a  network.This  can  include  two- 
way  handheld  and  mobile  radio 
devices,  cell  phones,  push-to- 
talk  mobile  phones,  traditional 
analog  and  digital  phones,  as 
well  as  wired  or  wireless  VoIP 
devices. 

Radio  equipment  would  termi¬ 
nate  on  an  IP  LAN  via  Cisco’s 
Land  Mobile  Radio  (LMR)  Gate 
way  a  Cisco  router  module  that 
converts  analog  radio  signals  into 
packetized  IP  voice,  and  is  cur¬ 
rently  deployed  in  public  safety 
organizations.  Cell  phone  hand¬ 
sets  tie  into  IPICS  via  Cisco  public 
switched  telephone  network/lP 
gateway  equipment,  used  to  link 
Cisco  VoIP  gear  to  carrier  phone 
networks. 

Once  traffic  is  converted  to  If) 
IPICS  lets  any  device  on  the  net¬ 
work  connect  with  any  other 
device,  allowing  IP  phones  and 
VoIP-enabled  PDAs  to  call 
radios  and  cell  phones. 
Administrators  can  set  up  users 
in  push-to-talk  groups  with  IPICS 
software,  regardless  of  device 
type. 

IPICS  software  uses  XML  mes¬ 
saging  schemes  to  identify  the 


Everything  connected 

How  Cisco’s  IP  Interoperability  and  Collaboration  System  (IPICS)  might  work  in  an  airport. 


Cell  phone  push-to- 
talk  group 


VoWUN 

phone 


Cisco  LAN  Mobile 
Radio  Gateway 


IP  phone 


D  Public  safety  and  other  crews  with  two-way  radios  connect  to  a  Cisco  LAN  Mobile  Radio  Gateway,  converting  radio  traffic  into  VoiP. 
B  Push-to-talk  cell  phones  tie  into  the  network  via  PSTN/VolP  gateways. 

B  With  all  traffic  converted  to  IP,  Cisco's  IPICS  server  controls  what  traffic  can  communicate  with  what  endpoints. _ 

Q  Staff  in  a  command  center  or  other  offices  can  link  to  two-way  radios  and  push-to-talk  users  via  IP  desk  phones. 


types  of  communications  devices 
managed  by  the  system. 

Public  safety  users  have  de¬ 
ployed  Cisco  gear  to  link  their  IP 
and  radio  networks,  but  the  ad¬ 
vancement  with  IPICS  is  the  abili¬ 
ty  to  link  disparate  radio,  cell 
phone  and  other  communica¬ 
tions  types  under  a  single  um¬ 
brella,  says  Shah  Talukder,  general 
manager  of  the  Safety  Security 
Systems  Business  Unit. 


“There  are  billions  of  dollars 
already  invested  in  legacy  radio 
equipment,”  Talukder  says.  “We’re 
not  saying  to  throw  that  away 
WhereverthereisIB[lPICS]  allows 
you  to  connect  [existing]  radio 
traffic  to  anywhere  in  the  world.” 

While  radio  is  the  first  step  of 
IPICS,  down  the  line  users  will  see 
integration  of  video  and  data  into 
the  system,  Curran  says.This  could 
involve  sending  digitized  maps, 


Juniper 

continued  from  page  8 

access  and  branch  routers, 
according  to  Dell’Oro  Group. 

And  sales  from  the  Peribit, 

Redline  and  Kagoor  Networks 
acquisitions  were  disappointing, 
according  to  UBS.“$11  [million] 
to  $12  million  in  [third  quarter] 
sales  suggest  little  growth  com¬ 
pared  to  when  these  companies  were  private,” 
Theodosopoulos  stated  in  his  bulletin. 

J-series  tabulations  are  “not  very  relevant,” 
Dolce  says,  because  Juniper  is  shooting  for  the 
enterprise  backbone  with  its  M-series  routers. 
Winning  the  backbone  creates  pull  through 
for  the  J-series  branch  routers,  he  said. 

“It’s  more  difficult  to  sell  the  branch  if  some¬ 
one  else  has  the  backbone,”  Dolce  says.  “Our 
efforts  are  focused  on  winning  some  of  that 
core  enterprise  backbone.” 

Analysts  also  note  that  Cisco  owns  90%  of  the 
access  and  branch  router  market,  and  its  Int¬ 
egrated  Services  Routers  are  experiencing  the 
fastest  product  ramp  in  Cisco’s  history 

“That’s  Cisco’s  bread-and-butter)’  says  Zeus 


For  a  company  looking  to 
get  into  the  enterprise, 
three-quarters  of  a  billion 
dollars  in  business  is  not 
bad.W 

Scott  Kriens,  Juniper’s  CEO 


Kerravala.an  analyst  at  The  Yankee  Group. 

Market  share  aside,  mindshare  might  be 
another  albatross  for  the  J-series.  NetScreen 
user  MIPS  Technologies  in  Mountain  View, 
Calif.,  is  standardizing  on  Cisco  for  routing  — 
and  perhaps  even  security  platforms,  such  as 
VPNs  and  firewalls. 

“Single  vendor  instead  of  mix  and  match," 
says  Steve  Ozoa,  Unix  and  network  systems 
administrator  at  MIPS.  “We’ve  always  been 
Cisco  for  routing.  [J-series]  really  just  didn’t 
come  to  mind.” 

Sales  of  products  from  Juniper’s  three  most 
recent  acquisitions,  meanwhile,  are  “on  plan,” 
Dolce  says. 

“I  haven’t  been  disappointed  in  anything  this 


quarter;”  he  adds.  “It  was  a  great 
quarter” 

“First  Juniper  stepped  up  to  the 
plate  and  hit  the  ball  out  of  the 
park;  and  then  they  took  the  bat 
and  beat  the  catcher  to  death,” 
says  Steve  Kamman  of  CIBC 
World  Markets.  “What  they  deliv¬ 
ered  was  well  over  and  above 
what  we  were  looking  forf 
Going  forward,  Juniper  will  fine- 
tune  the  global  channel  system  put  in  place 
over  the  last  year  and  continue  transitioning  its 
sales  teams  to  develop  relationships  with 
companies  and  sell  them  solutions  instead  of 
boxes,  Dolce  says.  From  a  product  perspective, 
Juniper  offers  everything  that’s  important  for  a 
corporation,  he  says. 

As  for  potential  conflicts  with  service 
provider  customers  that  Kriens  alluded  to 
three  years  ago,  Dolce  says  Juniper  has  worked 
things  out. 

‘A  lot  of  this  security  business  gets  to  the 
enterprise  via  a  customer  premises  equipment 
resale  or  a  managed  service  arrangement  with 
a  carrier.  We  figured  out  the  best  way  to  do 
both,”  he  says.B 


graphics  or  text  data  to  workers  in 
the  field,  as  well  as  consolidating 
various  kinds  of  analog  and  digi¬ 
tal  video  streams  from  multiple 
sources  —  such  as  security  cam¬ 
eras  —  into  IP 

As  for  how  far  Cisco  can  take  this 
technology  analysts  are  optimistic. 

“People  may  not  really  realize 
how  many  people  use  radios,” 
says  Deb  Mielke,  managing 
director  at  Treillage  Network 
Strategies.  “It’s  not  just  police 
and  fire  departments  —  there’s 
hospitals,  trucking,  taxis  —  any 
business  involved  in  [mobility] 
or  transportation.” 

Users  should  expect  to  see 
more  integration  of  Cisco’s  IPICS 
technology  along  with  WLAN 
and  IP  telephony  and  its  recent 
RFID  and  AON/XML  initiatives, 
she  says.  “They’re  the  only  guys 
with  all  the  [tools]  that  can  tie  it 
all  together”  ■ 

nww.Gom 

IT  road  map  event 

Want  the  inside  track  on  which  technolo¬ 
gies  will  affect  your  company  in  the  year 
to  come?  John  Gaiant  and  Johna  Tili 
Johnson  lay  it  all  out  for  you  at  this 
Network  World  Technology  Tour  and 
Expo  exclusive^  for  IT  executives. 

Register  now  to  attend  free. 

DocRiKhr:  9427 
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Sterling  Commerce  leads  the  world  in  helping 
businesses  collaborate  with  their  partners. 


Of  course,  we've  had  a  30  year  head  start. 


For  over  30  years,  Sterling  Commerce  has  led  the  industry  in  helping  successful  organizations  work  more 
effectively  with  suppliers,  subsidiaries  and  customers.  Now,  with  the  first  platform  to  meet  all  the  challenges 
of  real-world  multi-enterprise  collaboration.  Sterling  Commerce  can  help  you  achieve  end-to-end  visibility, 
and  real-time  control  over  shared  business  processes.  So  you  can  make  faster,  better-informed  decisions  to 
help  cut  costs  and  accelerate  time  to  market.  In  fact,  a  majority  of  the  world's  leading  companies  already 
depend  on  us.  That's  a  tough  act  to  follow.  Contact  us  today.  Or  visit  us  at  www.sterlmgcomiTierce.com 

BUSINESS  APPLICATIONS  /  BUSINESS  INTEGRATION  /  BUSINESS  INTELLIGENCE  /  BUSINESS  PROCESS  MANAGEMENT  /  SOLUTION  DELIVERY 

Sterling  commerce 

©2005  Sterling  Comnnerce,  Inc.  ALL  RIGHTS  RESERVED.  Sterling  Commerce  and  the  Sterling  Commerce  logo  are  trademarks  of  Sterling  Commerce,  Inc.  Sterling  Commerce  is  an  SBC  Communications  Inc.  company. 


10.24.05  •  www.netwopkworld.com  •  19 


NET  MFMSIBIICIIIRE 

■  SECURITY  ■  SWITCHING  ■  ROUTING  HVPNS  S  BANDWIDTH  MANAGEMENT  »VOIP  ■  WIRELESS  LANS 

Enterasys  beefs  up  WLAN  security 


BY  PHIL  HOCHMUTH 

Enterasys  last  week  announced  wireless 
LAN  access  points  and  a  wireless  switch  for 
controlling  and  securing  Wi-Fi  network 
access. 

The  vendor  introduced  the  RoamAbout 
AP4102  Unified  Access  Pbint,a  device  that 
can  act  as  a  thin  or  stand-alone  access 
point.  Also  announced  was  the  Roam¬ 
About  AP1002,  a  dual-radio  802.11a  and 
802.1  Ib/g  thin  access  point.  To  control 
these  devices,  Enterasys  introduced  the 
8400  Wireless  Switch. 

The  gear  is  targeted  at  large  corpora¬ 
tions  looking  to  secure  their  current  wire¬ 
less  LAN  (WLAN)  infrastructures  or  build 
one  from  scratch. 

The  8400  Wireless  Switch  is  designed  to 
sit  in  a  data  center  and  control  as  many  as 
120  thin  access  points  across  a  LAN,  direct¬ 
ly  connected  to  the  switch  or  not.The  box 
includes  four  Gigabit  Ethernet  ports  and 


Short  Takes 


M  Tizor  has  announced  a  security 
appliance  called  Mantra  that  can 
monitor  multiple  databases  for  audit¬ 
ing  purposes,  including  those  from 
Microsoft,  Oracle  and  Sybase. 

Mantra  can  be  configured  to  audit 
data  transfers  according  to  tem¬ 
plates  for  regulations  that  include  the 
Sarbanes-Oxley  Act,  Payment  Card 
Industry  Data  Security  Standard, 
California  Security  Breach  Informa¬ 
tion  Act  and  Health  Insurance  Porta¬ 
bility  and  Accountability  Act.  Mantra 
starts  at  $25,000. 

H  NetContinuum,  a  maker  of  Web 
application  firewalls  and  secure  appli¬ 
cation  gateways,  has  named  Varun 
Nagaraj  as  its  CEO.  Nagaraj  previ¬ 
ously  held  management  roles  at 
Extreme  Networks  and  Ellacoya 
Networks.  He  replaces  Gene  Ban- 
nam.  NetContinuum  also  announced 
it  has  closed  a  $15  million  round  of 
venture  funding  led  by  Menlo  Ven¬ 
tures.  The  company,  formed  in  1999,  is 
based  in  Santa  Clara,  Calif. 


provides  services  such  as  fast  handoffs  of 
traffic  from  roaming  clients  among  access 
points,  automatic  radio  frequency  adjust¬ 
ments,  and  rogue  access-point  detection 
and  physical  location  pinpointing.  It  sup¬ 
ports  five  times  as  many  thin  access  points 
as  the  8100  Wireless  Switch,  which  was 
introduced  in  May 

When  attached  to  a  8400  Wireless  Switch, 
or  Enterasys’  previously  announced  8100 
device,  the  API 002  provides  simpler  man¬ 
agement  and  security  control  than  a 
stand-alone  access  point,  because  all  con¬ 
figuration,  intelligence  and  processing  are 
done  on  the  switch,  Enterasys  says. 

For  smaller  deployments,  or  if  more  intelli¬ 
gence  is  required  on  the  access  point,  users 
can  deploy  the  AP4102  Unified  Access 


While  generalizations  are  usually  dan¬ 
gerous,  it  is  probably  safe  to  say  that  for 
many  of  us  Microsoft  Office  is  the  tool 
set  we  use  most.  So  all  contemplating 
saying  adieu  to  Windows  for  Mac’s  OS  X 
needs  to  find  a  way  to  replicate  the  same 
in  their  new  environment.  Fortunately,  for 
the  most  part,  it  is  relatively  painless  and 
there  are  several  paths  to  take. 

The  easiest,  but  more  costly,  route  is  to 
purchase  Microsoft’s  Office  2004  for  the 
Mac.  With  this  approach,  you  get  Mac 
versions  of  Word,  Excel,  Project  and  most 
likely  the  highest  level  of  compatibility 
with  the  Windows  equivalents.  Instead  of 
Outlook  as  the  e-mail  client,  you  get 
Entourage  (more  about  that  later),  and 
Access  is  notably  absent.  There  isn’t  a 
Mac  version  or  equivalent  offered  by 
Microsoft. 

If  all  you  require  are  basic  functions  of 
the  main  office  trio  —  no  Visual  Basic 
for  Applications  functions  or  the  like  — 
you  might  find  all  you  need  with  the 
“free”  NeoOffice/J.This  application  suite 
is  offered  under  the  GNU  public  license 
and  is  essentially  the  Apple  OS  X  version 


Fbint,  which  can  run  as  a  thin  access  point, 
connected  to  a  Wireless  Switch  or  as  a 
stand-alone  device  that  sits  on  the  network 
with  its  own  IP  address. 

The  box  also  can  act  in  LAN-LAN  mode,  or 
as  a  wireless  bridge  between  two  wired  net¬ 
works,  such  as  a  link  between  two  adjacent 
buildings  with  no  connecting  copper  or 
fiber. 

The  RoamAbout  8400  WLAN  is  avail¬ 
able  and  starts  at  $12,000.  The  AP4102  is 
scheduled  to  be  available  next  month  for 
$700,  and  the  AP1002  in  December  for 
$450. 

Trapeze,  AirDefense  unite 

Also  on  the  WLAN  front, Trapeze  Networks 
and  AirDefense  have  announced  a  partner- 


of  the  OpenOffice  suite.  It  implements 
word  processing,  spreadsheet,  presenta¬ 
tion  and  drawing  functions. 

NeoOffice/J  can  open,  edit, save  and  so 
forth  in  the  native  Microsoft  file  formats, 
which  is  convenient  for  documents  that 
have  to  move  between  systems.  It  even 
has  some  handy  features  missing  from 
Microsoft  Office,  such  as  exporting 
directly  to  Adobe  PDF  format. 

For  those  of  you  wanting  to  make 
flashy  documents  that  can  leverage  the 
rich  set  of  media  in  iTunes  and  iPhoto, 
you  can  get  Apple’s  iWork  duo  —  Pages 
and  Keynote.  More  like  Microsoft  Pub¬ 
lisher  than  Word,  Pages  can  function  as  a 
simple  word  processor  or  help  you  put 
together  some  impressive  documents. 

To  date,  for  me  at  least,  the  only  area  of 
frustration  has  been  in  trying  to  find  a 
replacement  for  the  local  storage  of  e- 
mail  that  Outlook  2003  gives  me.  In  theo¬ 
ry!  shouldn’t  have  a  problem.  Entourage, 
mentioned  earlier,  is  Microsoft’s  imple¬ 
mentation  of  the  Outlook  client  for  Mac. 
(There  was  an  earlier  Outlook  for  Mac 
product  that  has  since  been  replaced  by 
Entourage.) 

In  my  first  few  months  of  living  the  Mac 
life,  I  found  Entourage  was  not  up  to  my 
requirements  and  despaired  that  it 
would  never  offer  me  the  level  of  e-mail 
that  I’d  been  accustomed  to.  In  fact,  1 


ship  to  integrate  their  respective  WLAN 
switch  and  security  products.  AirDefense’s 
wireless  intrusion-detection  and  intmsion- 
prevention  technology  will  be  integrated 
into  Trapeze’s  Mobility  Point  access-point 
hardware,  allowing  the  devices  to  detect 
WLAN  intrusions  and  collect  data  on 
attacks.  The  integration  will  involve  a  soft¬ 
ware  upgrade  for  Trapeze  products. 

The  integration  is  part  of  a  broad 
Trapeze  effort  to  cooperate  with  vendors 
such  as  Aruba,  Cisco  and  D-Link  to  allow 
third-party  WLAN  access  points  and 
switches  to  work  together.  ■ 
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even  wondered  if  this  is  intentional  on 
the  part  of  Microsoft. 

While  1  never  used  the  previous  prod¬ 
uct,  my  first  and  continuing  impression 
of  Entourage  is  that  Microsoft  deliberate¬ 
ly  set  out  to  build  a  product  that  would¬ 
n’t  pass  muster  as  a  corporate  alternative 
to  the  Windows  Outlook  client. 

According  to  a  review  of  documenta¬ 
tion  and  online  postings  early  in  the 
summer.  Entourage  has  reduced  func¬ 
tionality  —  for  example,  being  able  to 
read  public  folder  items  but  not  create 
or  edit  them.  For  my  part,  1  couldn’t  even 
get  my  in-box  to  synchronize  (it  should 
have)  and  ended  up  using  Outlook  Web 
Access  or  Citrix  to  access  corporate  e- 
mail. 

Last  month,  Microsoft  introduced 
Service  Pack  2  for  Office  2004.  Not  only 
did  it  provide  updated  support  for  pub¬ 
lic  folders  (such  as  allowing  read/write), 
but  it  solved  my  in-box  synch  problem. 

With  that,  my  only  major  productivity 
hurdle  was  removed.  Now,  1  have  the 
benefits  of  Mac  while  maintaining  the 
basic  requirements  of  the  corporate 
office. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent 
testing  company  in  Boca  Raton,  Fla.  He 
can  be  reached  at  ktolly@tolly.com. 
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Acquisitions  fiii  gaps  in  Symantec  security  iine 


Buying  Unge 

Recent  Symantec  acquisitions: 


Company 

Product  focus 

Acouisition  nrice 

Emntovees 

BindView 

Vulnerability  and  configuration  management. 

$207  million 

550 

Sygate  Tecfanelogies 

Endpoint  security  and  policy  enforcement. 

Undisclosed 

200 

WholeSecurity 

Behavior-based  security;  anti-phishing. 

Undisclosed 

32 

NOTE:  SYMANTEC  COMPLETED  ITS  BUYOUTS  OF  SYGATE  AND  WHOLESECURITYTHIS  MONTH,  AND  ANNOUNCED  PLANSTHIS  MONTH 
TO  BUY  BINDVIEW. 


BY  ELLEN  MESSMER 

Symantec  is  still  spending  hundreds  of 
millions  of  dollars  annually  to  develop 
new  products,  but  the  company  recently 
stepped  up  spending  on  acquisitions  as 
well  to  bolster  its  offerings. 

Symantec  this  month  completed  buy¬ 
outs  of  Sygate  Technologies  and  Whole- 
Security  for  undisclosed  amounts,  and 
reached  a  deal  to  acquire  BindView 
Development  for  $207  million. 

Symantec  says  that  buying  these  com¬ 
panies  will  help  round  out  its  security 
products  portfolio  in  several  ways,  the 
common  thread  among  them  being  poli¬ 
cy  enforcement. 

Acquiring  WholeSecurity  a  start-up  in 
Austin,Texas,  gives  Symantec  a  method  for 
ecommerce  security  that  lets  a  Web  site 
block  dangerous  malware  on  the  online 
customer’s  desktop  before  granting  access 
to  services.  WholeSecurity’s  Confidence 
Online  software,  which  is  used  by  eBay 
Deutsche  Bank  and  Visa,  can  identify  and 
block  malicious  code  based  on  its  behav¬ 
ior  rather  than  a  specific  signature.  This 
can  provide  threat  detection  at  an  early 
stage  before  new  attack  code  has  been 
fully  analyzed. 

“It’s  the  zero-hour  protection,”  says  Brian 
Foster,  senior  director  for  product  manage¬ 


ment  at  Symantec,  explaining  the  pur¬ 
chase  of  the  32-employee  outfit.  Symantec 
employs  14,000. 

While  Symantec  intends  to  continue  to 
sell  WholeSecurity’s  Confidence  Online 
products,  it  will  integrate  the  behavior- 
based  technology  into  Symantec’s  anti¬ 
virus  and  the  Symantec  Client  Security 
desktop  software,  which  includes  anti¬ 
virus  and  a  desktop  firewall. 

The  acquisition  of  Sygate,  a  privately 
held  company  in  Fremont,  Calif.,  which 
has  about  200  employees,  also  was  carried 
out  with  an  eye  toward  bolstering 
Symantec  Client  Security 

Symantec  expects  to  continue  selling 
Sygate’s  policy-enforcement  product, 
Sygate  Enterprise  Protection  (SEP),  in  the 
short  term. SEP  can  enforce  desktop  use  of 
VPN,  anti-virus  and  patch  updates  based 
on  corporate  policy. 

The  goal  is  to  integrate  SEP  into  future 
editions  of  Symantec  Client  Security  and 
then  phase  SEP  out,  Foster  says.  No 
timetable  has  been  announced  for 
doing  that. 

The  acquisition  of  Houston-based 
BindView,  expected  to  close  early  next 
year,  is  one  in  which  Symantec  has  not 
announced  plans  to  phase  out  products. 
Symantec  says  acquiring  BindView  will 


give  it  a  line  of  vulnerability  assessment 
and  IT  compliance  software  that  comple¬ 
ments  its  own. 

BindView,  whose  IT  compliance  software 
is  used  by  about  5,000  companies  and 
government  agencies,  has  550  employees. 
The  security  firm  reported  $72.9  million  in 
revenue  last  year,  with  an  anticipated  $84 
million  in  revenues  for  this  year. 

BindView  makes  bv-Control  and  bv- 
Admin  products,  which  scan  desktops, 
server  and  other  network  gear  without 
using  agents.  In  contrast,  Symantec  has 
software  called  Enterprise  Security  Man¬ 
ager,  which  requires  a  host-based  agent  on 
the  monitored  machine  in  order  to  report 
about  vulnerabilities,  configuration  and 
compliance  with  security  policies. 

Symantec  says  it  is  acquiring  BindView 
to  offer  its  customers  both,  while  acknowl¬ 


edging  agent-based  software  will  cost 
more. 

Gartner  analyst  John  Ftescatore  says  the 
debate  over  the  merits  of  agent-based  vs. 
agentless  software  for  security  monitoring 
is  a  timeless  one  for  the  industry. 

With  agent-based  software,  “the  huge 
benefit  is  the  deeper  information  about 
that  node,”Pescatore  says.’The  bad  thing  is 
agents  can  be  expensive  to  install  and 
manage.” 

Another  advantage  in  using  agent-based 
software  is  scalability  in  larger  networks 
of  70,000  nodes  or  higher  where  scanning 
without  agents  is  slow,  says  Randy  Streu, 
vice  president  of  ConfigureSoft,  which 
competes  against  BindView.  Agentless 
approaches  to  scanning  don’t  work  well 
in  some  networks,  such  as  satellite  links, 
he  adds.  ■ 


Symantec  tests  appliance  to  protect  databases 


BY  ROBERT  MCMILLAN, 

IDG  NEWS  SERVICE 

Engineers  within  Symantec’s 
R&D  organization  have  built  an 
appliance  that  could  eventually 
lead  the  company  into  the  data¬ 
base  security  business. 

The  unnamed  appliance  is  a 
preconfigured  server  that  sits 
on  the  network  and  monitors 
database  traffic,  looking  for 
inappropriate  queries.  “We’re 
providing  Big  Brother  in  a  box, 
if  you  like,  to  just  keep  a  gentle 
eye  on  people.  And  if  people 
deviate  from  their  normal  pat¬ 
terns,  we  can  flag  that,”  says 
Gerry  Egan, group  product  man¬ 
ager  with  Symantec’s  Advanced 
Concepts  Group. 

The  appliance,  which  has 
been  under  development  for 
several  years,  monitors  network 
traffic  using  the  same  underly¬ 
ing  “sniffing”  engine  as  Syman¬ 
tec’s  Network  Security  7100 
Series  intmsion-prevention  appli¬ 
ance.  But  the  15  engineers  work¬ 
ing  on  the  project  also  have 


developed  their  own  software, 
which  then  analyzes  the  data¬ 
base  queries.  The  technology 
has  been  tested  by  a  handful  of 
Symantec  customers  since 
September,  and  the  company  is 
expected  to  decide  within  the 
next  few  months  whether  to 
bring  it  to  market. 

The  current  version  of  the 
Symantec  appliance  does  not 
block  suspicious  queries  —  it 
monitors  and  reports  on  what  the 
database  is  up  to  —  but  that  fea¬ 
ture  is  being  considered  for  a 
future  version,  Egan  says. 

“Our  product  particularly 
comes  into  play  where  there  are 
valid  or  authorized  users  of  the 
database  who  now  start  to 
abuse  the  privilege,”  Egan  says. 
The  product  could  be  used  to 
detect  employee  or  partner 
fraud,  or  to  warn  database  ad¬ 
ministrators  (DBA)when  their 
applications  appear  to  be  acting 
in  a  malicious  manner. 

Symantec  is  testing  prototypes 
of  the  product  with  customers  in 


the  healthcare  and  financial  ser¬ 
vices  industries,  as  well  as  with 
educational  and  government 
users,  in  a  trial  run  that  is  sched¬ 
uled  to  go  on  through  the  end  of 
this  year.  “At  that  point,  it  will  be 
up  to  management  whether  they 
would  like  to  build  it  into  a  prod¬ 
uct,”  Egan  says. 

Should  that  happen,  Symantec 
would  be  the  first  major  vendor 
to  develop  this  type  of  product, 
analysts  say  Database  security 
appliances  are  sold  by  only  a 
handful  of  small  companies,  in¬ 
cluding  Imperva  and  Guardium, 
but  corporate  customers  are 
becoming  increasingly  focused 
on  data  security  and  regulation 
compliance. 

“We’re  starting  to  see  a  little 
more  interest  in  this  area  be¬ 
cause  of  all  this  identity  theft,” 
says  John  Pescatore,  an  analyst 
with  Gartner. 

Imperva  CEO  Shlomo  Kramer, 
whose  3-year-old  company  sells  a 
similar  product,  says  he  is  not  sur¬ 
prised  to  see  Symantec  looking 


into  this  market.  During  the  past 
few  quarters,  demand  for  this  type 
of  product  has  accelerated, 
spurred  by  laws  such  as  the 
Sarbanes-Oxley  Act  and  the 
Health  Insurance  Portability  and 
Accountability  Act,  as  well  as  by 
California’s  SB  1386,  which 
requires  companies  to  notify  cus¬ 
tomers  after  security  breaches,  he 
says. 

“We  are  seeing  much  larger  pro¬ 
jects  in  the  pipeline,  and  we’re 
seeing  more  and  more  cus¬ 
tomers  with  dedicated  budgets 
to  this  type  of  initiative,”  Kramer 
says.  Imperva’s  customers  are  pri¬ 
marily  in  the  financial  services,  e- 
business  and  healthcare  indus¬ 
tries,  he  says. 

The  Symantec  prototypes  use  a 
Dell  PowerEdge  1850  server  run¬ 
ning  Linux,  but  if  the  product  is 
brought  to  market,  it  could  be 
based  on  virtually  any  t3Fpe  of  serv¬ 
er,  Egan  says. 

Based  on  initial  customer  feed¬ 
back,  however,  Symantec  seems 
likely  to  stick  with  its  appliance 


concept  and  not  try  to  develop  a 
software-only  product. 

“The  DBAs  are  a  very  conserva¬ 
tive  bunch  of  people,  and  they 
definitely  don’t  like  people 
installing  things  on  their  servers,” 
Egan  says.“It  also  means,  from  the 
chief  security  officer’s  perspec¬ 
tive,  he  can  drop  it  in  without 
even  telling  the  DBAs. . .  .The  data¬ 
base  administrators  have  the 
keys  to  everything,  and  who 
keeps  tabs  on  them?"B 
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Linux  on  handhelds  pushed 


Mobile  Linux  Initiative  at  a  ^anee 


Members: 

MontaVista  Software,  Motorola,  PalmSource,  Trolltech,  Wind  River  Systems 

Mission: 

“To  accelerate  adoption  of  Linux  on  next-generation  mobile  handsets  and  other 
converged  voice/data  portable  devices," 

Technical  focus 
areas: 

Boot-up  speed,  memory  footprint,  multimedia  framework,  power  management,  radio 
interface,  security. 

Web  site: 

www.osdl,org/iab_activities/mobileJinux/mli 

Short  Takes 


■  Availl  is  unveiling  Version  3.0  of 
its  continuous  data-protection  soft¬ 
ware  for  Windows  servers.  Availl 
Backup  now  includes  the  capability 
to  back  up  databases  and  files  on 
the  network.  The  software  can 
enable  the  fallback  of  servers  to 
any  time  and  allows  continuous 
backup  of  data  on  local  and  remote 
servers.  It  transfers  only  b3^e-level 
differences  and  compresses  data. 
Version  3.0  starts  at  $995  per  server. 

■  SonSagB  has  announced  a  new 
version  of  its  secure  data-retention 
software  designed  to  help  cus¬ 
tomers  overcome  management 
obstacles  and  streamline  compli¬ 
ance  and  monitoring  processes. 
SenSage  3.5  includes  a  new  inte¬ 
grated  management  console, 
extended  clustering  and  high-avail¬ 
ability  capabilities,  plus  enhanced 
reporting  and  analytics.  SenSage 
aggregates,  retains  and  analyzes 
activity  logs  for  applications  run¬ 
ning  on  the  network  so  users  can 
identify  threats  to  regulatory  com¬ 
pliance  and  internal  or  external 
threats.  The  software  runs  on  a 
Red  Hat  Linux  server.  SenSage  3.5 
starts  at  $70,000. 

■  Microsoft  last  week  made  avail¬ 
able  what  could  be  the  final  beta  of 
Windows  Server  2003  Release  2, 
which  is  slated  to  ship  by  year-end. 
Server  operating-system  release 
candidates  are  typically  final  betas 
before  general  availability.  This  beta 
was  made  available  for  download 
from  Microsoft's  Web  site 
(www.networkworld.com, 

DocFinder:  9342).  Key  to  Release  2 
is  an  identity  technology  called 
Active  Directory  Federation 
Services.  One  of  the  final  pieces  of 
Microsoft's  identity-management 
platform,  ADFS  also  represents  the 
company's  first  implementation  of 
the  WS-Federation  protocol  that  it 
developed  with  IBM.  Microsoft  has 
positioned  WS-Federation  as  the 
linchpin  for  integrating  security 
infrastructures  among  companies. 


BY  NANCY  GOHRING,  IDG  NEWS  SERVICE 

Motorola  and  PalmSource  are  among  the 
companies  that  lined  up  last  week  behind 
an  initiative  that  aims  to  promote  the  use  of 
Linux  on  cell  phones. 

The  Mobile  Linux  Initiative  was  launched 
by  Open  Source  Development  Labs 
(OSDL)  to  tackle  technical  challenges  and 
support  the  adoption  of  Linux  on  hand¬ 
held  devices. 

“There  is  a  lot  of  momentum  for  Linux  on 
handhelds, specifically  for  mobile  phones,” 
says  Eirik  Chambe-Eng,  president  and  co¬ 
founder  of  Trolltech.a  company  that  builds 
a  GUI  on  top  of  Linux  for  mobile  devices 
and  has  joined  the  OSDL  effort.  But  be¬ 
cause  more  companies  are  developing 
Linux  for  mobile  products,  there  is  a  need 
to  coordinate  the  efforts,  he  says. 

“All  of  the  Linux  developments  are  a  dis¬ 
parate  set  of  projects,”  says  Ben  Wood,  re¬ 
search  vice  president  for  mobile  devices 
at  Gartner.  “It’s  not  like  write  once,  run 
anywhere.” 

Companies  involved  in  the  Mobile  Linux 
Initiative  hope  to  pull  together  their  devel¬ 
opments  in  a  common  direction. 

The  group’s  technical  achievements  also 
could  be  important.  Companies  such  as 
Trolltech  depend  on  a  good  Linux  kernel 
that  can  efficiently  use  processor  and  elec¬ 
trical  power  in  devices. 

“This  initiative  is  aimed  at  creating  one 
good  kernel  of  [operating  system]  that 
uses  the  resources  of  the  mobile  phone,” 
Chambe-Eng  says. 


BY  DENISE  DUBIE 

Computer  Associates  last  week  made 
public  its  acquisition  of  an  e-mail  archiving- 
software  vendor  whose  technology  CA  says 
will  help  round  out  BrightStor,  its  suite  to 
manage  storage. 

The  company  did  not  disclose  how  much 
it  spent  on  iLumin  Software  Services,  which 
was  founded  in  1996. 

CA  will  sell  iLumin’s  Assentor  product 
line  as  is,  with  plans  to  eventually  integrate 
it  into  its  storage  and  broader  management 
portfolio.  CA  says  the  acquisition  brings 
cross-platform  e-mail  security,  archiving  and 
data  protection  to  its  BrightStor  manage¬ 
ment  suite. 

Industry  watchers  say  the  technology  will 


In  addition  to  Motorola,  F^lmSource  and 
Trolltech,  MontaVista  Software  and  Wind 
River  Systems  were  named  as  the  first 
members  to  participate  in  the  initiative. 

Linux-based  devices  have  been  popular 
in  Asia,  but  haven’t  had  much  traction  in 
Europe  or  the  US.  Motorola  has  shipped 
more  than  3  million  devices  in  China  that 
are  based  on  Linux  and  Trolltech’s  soft¬ 
ware,  Chambe-Eng  says. 

He  expects  that  such  manufacturers  as 
Motorola  will  begin  making  more  of  a 
push  with  these  products  into  Europe  and 
the  US.  in  the  next  six  to  12  months. 

Linux  is  attractive  to  mobile  manufac¬ 
turers  for  its  capabilities,  as  well  as  cost. 
Linux  may  solve  some  of  the  problems 
that  manufacturers  face  with  building  full- 
feature  phones  that  may  include  cameras, 
color  displays,  video  cameras  and  Web 
browsing. 

“The  [operating  systems]  that  manufac¬ 
turers  are  using  are  starting  to  run  out  of 
horsepowerj’Wood  says. 


help  CA  address  a  growing  need  among  its 
enterprise  customers,  which  are  being 
called  upon  to  manage  e-mail  in  line  with 
compliance  requirements. 

“It  will  give  CA  the  ability  to  manage  e- 
mail  as  an  information  life-cycle  manage¬ 
ment  application,  according  to  regulatory 
requirements,” says  Mike  Karp,  a  senior  ana¬ 
lyst  with  Enterprise  Management  Associ¬ 
ates. 

“Eventually  it  will  make  sense  for  CA  to 
integrate  the  technology  with  its  Unicenter 
management  software,”  Karp  says. 

Despite  its  previous  partnership  with 
iLumin,  CA  is  still  playing  a  bit  of  catchup 
with  competitors  —  such  as  IBM,  EMC  and 
Symantec  —  in  the  e-mail-archiving  mar- 


He  doesn’t  think  Linux  necessarily  poses 
a  serious  threat  to  suppliers  of  mobile 
devices,  such  as  Symbian  and  Microsoft. 

Nokia,  for  example,  is  quite  committed  to 
Symbian,  and  while  Wood  expects  Nokia 
may  look  to  use  open  source  products  for 
some  of  its  non-cell  phone  devices,  it’s 
unlikely  that  the  company  would  soon 
turn  to  Linux  for  its  mobile  phones. 

Nokia’s  770  Internet  tablet  is  based  on 
open  source  software.  But  Linux  also  is  be¬ 
coming  increasingly  attractive,  because  it 
can  reduce  costs  for  manufacturers. 

The  Symbian  operating  system  costs 
manufacturers  between  $5  and  $7  per 
phone,  Wood  says.  A  Linux-based  phone 
would  probably  come  in  under  that. 

While  there  is  a  growing  interest  in  Linux 
in  the  mobile  phone  market,  it  probably 
won’t  have  major  implications  soon,  he 
says. 

“This  is  just  a  steppingstone  in  the  emer¬ 
gence  of  Linux  as  a  potential  platform  for 
mobile  phones,”  he  says.  ■ 


ket,  industry  watchers  say  HP  also  offers  e- 
mail-archiving  technologies  via  its  Refer¬ 
ence  Information  Storage  System. 

The  acquisition  news  came  a  week  after 
CAs  chief  met  with  the  press  to  discuss  the 
company’s  plans  in  year  two  of  a  four-year 
strategy  aimed  at  reconfirming  its  position 
of  management  leadership.  Storage  is 
among  four  technology  areas  CEO  John 
Swainson  has  designated  for  growth  and 
development  within  CA,  alongside  man¬ 
agement,  security  and  optimizing  business 
services.  ■ 
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HP  user  group  grabs  spotlight  at  show 

Encompass  president  embraces  members  of  defunct  Interex  customer  organization. 


^^This  has  been  a  pretty  brutal  five 
^  years  as  an  IT  professional.  But  peo- 
M  pie  are  starting  to  have  fun  again. W 

Kristi  Browder,  IT  director,  Silicon  Laboratories 


BY  TOM  KRAZIT,  IDG  NEWS  SERVICE 

ORLANDO  —  On  the  first  day  of  the 
inaugural  HP  Technology  Forum  last 
week,  Kristi  Browder’s  real  job  evaluating 
servers  took  a  back  seat  to  speech-mak¬ 
ing.  press  interviews  and  receptions  hon¬ 
oring  her  fellow  users  of  HP’s  technology. 

Most  of  the  time,  she’s  the  IT  director  at 
Silicon  Laboratories,  currently  rolling  out 
HP  servers  using  Advanced  Micro 
Devices’  Opteron  chips  to  engineers  at 
her  company,  who  design  chips  for  wire¬ 
less  networks. 

But  last  week,  Browder  was  one  of  the 
most  visible  HP  users  in  Orlando  as  the 
president  of  Encompass,  which  is  HP’s 
major  hardware  user  group  following  the 
demise  earlier  this  year  of  another  major 
HP  user  organization,  Interex. 

Encompass  was  first  known  as  DECUS, 
Digital  Equipment’s  user  group.  Two 
acquisitions  later.  Encompass  now  serves 
as  a  voice  for  HP  technology  users  and  a 
liaison  between  the  company  and  the 
technical  community  Browder  said. 

One  of  Encompass’  primary  roles  is  to 
put  on  user-oriented  conferences,  such 
as  the  HP  Technology  Forum,  where  HP 
professionals  from  around  the  world  can 
share  technical  knowledge  and  take 


training  classes  in  various  technologies. 
Those  conferences  used  to  be  indepen¬ 
dent  affairs,  but  HP  decided  last  year  to 
exert  more  control  over  its  user  confer¬ 
ences  and  consolidate  the  HP  World 
events  into  the  HP  Technology  Forum. 

Interex  attempted  to  hold  HP  World 
without  HP’s  support,  but  the  organiza¬ 
tion  closed  in  July,  citing  financial  diffi¬ 
culties  in  preparing  the  show.  That  left 
100,000  HP  users  without  a  formal  orga¬ 
nization  representing  their  interests. 

Encompass  has  reached  out  to  the  for¬ 
mer  Interex  members,  offering  discounts 
on  Encompass  membership  and  naming 
Interex  leaders  to  the  Encompass  board 
of  directors,  Browder  said. 

“We  want  to  embrace  the  former 
Interex  members  and  give  them  a  home,” 
she  said. 

Browder’s  fellow  IT  professionals  are 
starting  to  relax  again  after  five  years  of 
looking  over  their  shoulders  for  a  pink 
slip,  she  said. 

“This  has  been  a  pretty  brutal  five  years 
as  an  IT  professional,”  Browder  said.  “But 
people  are  starting  to  have  fun  again, and 
that’s  one  of  the  things  behind  this  event. 
We  want  this  event  to  be  fun.” 

Browder  has  seen  more  movement  in 


the  IT  professional  ranks  this  year,  as 
companies  again  start  hiring  IT  workers. 

After  much  hand-wringing  in  the  IT 
community  about  the  outsourcing  and 
offshoring  of  IT  jobs,  Browder  noted 
some  companies  are  bringing  work  back 
into  the  U.S. 

Encompass  is  still  focused  on  helping 
IT  professionals  prepare  for  the  possibili¬ 
ty  that  their  jobs  might  be  sent  else¬ 
where,  Browder  said. 

Part  of  that  training  involves  helping  IT 
workers  develop  skills  on  the  business 
side  of  the  technology  world,  either  to 
manage  relationships  with  outsourcing' 
vendors  or  join  those  companies  them¬ 
selves,  she  said. 

On  the  technology  side.  Encompass  is 
focused  on  helping  HP  users  manage 
technology  transitions,  such  as  the  move 


to  high-end  servers  based  on  Intel’s 
Itanium  2  processor,  Browder  said. 

Smaller  companies  do  not  have  the 
resources  to  move  their  servers  to  newer 
technology  at  the  same  pace  that  HP  or 
Intel  would  like. 

Encompass  helps  those  companies  by 
keeping  alive  support  for  older  technol¬ 
ogy  and  training  those  companies  on 
the  new  systems,  she  said.  For  example, 
users  could  choose  among  training 
classes,  such  as  Open  VMS  system  admin¬ 
istration  or  deploying  Oracle’s  grid  com¬ 
puting  software  at  the  HP  Technology 
Forum.  ■ 
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EMC:  Where  it  is  and  where  it’s  going 


ON  STORAGE 

Mike  Karp 


My  recent  meeting  with  several 
EMC  managers  resulted  in  some 
intriguing  information.  Here’s 
some  of  what  I  heard  and  where 
I  think  EMC  is  going. 

First  came  the  obligatory  chest 
pounding:  Revenue  is  up  in 
every  geographical  segment, 
and  overall  corporate  growth  in 
the  second  quarter  was  19%.  In 
2006  the  company,  now  with 
almost  25,000  employees,  in¬ 
tends  to  grow  at  twice  the  mar¬ 
ket  rate,  which  if  most  estimates 
are  correct  would  give  EMC  a 
year-over-year  growth  rate  of 
14%. 

EMC  is  on  track  to  spend  $1 
billion  in  R&D  this  year,  which 


puts  it  in  a  rather  exclusive  club 
—  companies  that  spend  more 
on  R&D  than  their  competitors 
receive  in  annual  revenue.  Last 
year,  EMC  spent  about  10%  of  its 
revenue  on  R&D. 

By  way  of  comparison,  other 
storage  members  of  this  club 
include  HP  IBM  and  Sun. 
According  to  those  companies’ 
latest  published  annual  reports, 
HP  spent  $3.7  billion  (roughly 
5%  of  its  revenue),  IBM  spent 
$5.7  billion  (roughly  5.9%)  and 
Sun  spent  about  $1.8  billion 
(roughly  16%)  on  R&D. 

ILM  and  more 

As  for  the  future,  EMC  looks  to 
be  following  a  two-track  strate¬ 
gy.  First,  expect  information  life- 
cycle  management  (ILM)  to 
play  a  continuing  role  in  most 
aspects  of  EMC’s  storage  plan¬ 
ning.  Second,  as  we  have  pre¬ 
dicted  for  a  year,  EMC  clearly  is 
beginning  to  realize  that  there 
may  be  life  beyond  storage. The 


overall  goal,  according  to  an 
EMC  spokesman,  is  to  move  the 
company  “from  being  a  storage 
company  to  being  an  informa¬ 
tion  management  company’ 
Let’s  look  first  at  ILM.  It  is  all 
about  efficiently  moving  data 
between  the  various  tiers  of 
storage  to  save  money  while 
making  sure  that  data  is  retriev¬ 
able  according  to  established 
service  levels.  ILM  is  also  about 
cliches. 

For  instance,  a  standard  set  of 
cliches  applies  to  ILM  products 
and  services  from  all  the  leading 
vendors,  including  EMC.  All  ven¬ 
dors  admit,  for  example,  that  ILM 
is  not  a  product  but  an  assem¬ 
blage  of  hardware,  software  and 
services.  Alas,  you  and  I  can’t  go 
out  and  “buy  an  ILM.” 

That  circumstance  notwith¬ 
standing,  however,  EMC  —  like 
its  chief  competitors  —  is  pre¬ 
pared  to  make  it  easy  for  you  to 
buy  all  your  ILM-related  hard¬ 
ware,  software  and  services  from 


a  single  source  should  you  want 
to  do  so.  (Guess  who?) 

EMC  will  make  storage  tiering 
easier  through  several  new  tech¬ 
nology  initiatives. 

First,  during  the  coming 
months  look  for  the  company  to 
roll  out  arrays  that  use  low-cost 
Fibre  Channel  drives,  which  can 
be  put  in  the  same  arrays  as 
higher-performance  Fibre  Chan¬ 
nel  devices. 

This  will  be  a  cross-industry 
trend,  similar  in  most  ways  to 
what  is  happening  to  serial- 
attached  SCSI  and  serial  ATA. 
Look  for  lots  of  silicon 
providers  (Agilent  for  one)  to 
offer  several  low-cost  Fibre 
Channel  options,  including  4G- 
b  it/sec  systems. 

Next,  expect  EMC  to  make  two 
key  moves  in  network-attached 
storage:  moving  the  file  virtual¬ 
ization  technology  it  got 
through  the  Rainfinity  acquisi¬ 
tion  to  the  front  and  center  of  its 
network-attached  storage  mar¬ 


keting  efforts,  and  withdrawing 
its  largely  unsuccessful  NetWin 
line  of  NAS  products. 

Expect  EMC  to  continue  turn¬ 
ing  to  many  partners,  particular¬ 
ly  Outer  Bay  for  much  of  the  soft¬ 
ware  glue  that  ILM  requires.  And 
expect  it  to  roll  out  a  broader 
mix  of  consulting  services 
aligned  around  ILM. 

Karp  is  senior  analyst  with 
Enterprise  Management  Asso¬ 
ciates,  focusing  on  storage,  and  is 
author  of  Network  World’s  Stor¬ 
age  in  the  Enterprise  newsletter. 
He  can  be  reached  at  mkarp@ 
enterprisemanagement.  com. 
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Getting  to  the  Core  of  Backup  Problems 

I,  By  eliminating  network  congestion,  ForcelO  curbed  the  unpredictable  backup  times  hurting  this  insurance  firm’s  productivity. 

'{ 

i 

"It  was  difficult  to  explain  to  our 
executive  group  that  we  couldn't 
reliably  predict  how  long  the  backup 
would  take." 

Colin  Hines 

Senior  Administrator  of  Network  and  Security  Infrastructure  at  Tower  Hill 


On  those  occasional  nights  when  the  backup  process 
for  Tower  Hill  Insurance  Group's  policy  management 
application  took  a  full  16  hours,  employees  arriv¬ 
ing  for  work  would  find  themselves  locked  out  of  the 
application.  "No  one  could  do  anything,"  says  Colin 
Hines,  Tower  Hill's  Senior  Administrator  of  network  and 
security  infrastructure.  "It  was  difficult  to  explain  to  our 
executive  group  that  we  couldn't  reliably  predict  how 
long  the  backup  would  take." 

Based  in  Gainesville,  Fla.,  and  with  offices  in  Ken¬ 
tucky,  Tower  Hill  is  a  leading  property  and  casualty 
insurer  providing  coverage  for  homes,  rental  proper¬ 
ties,  personal  automobiles,  and  commercial  property  to 
500,000  policy  holders  in  Florida.  The  company  has  a 
Web-enabled  IT  and  billing  infrastructure  that  supports 
its  400  employees  and  enables  it  to  attract  new  agents 
and  cost  effectively  scale  its  business. 


Each  night  Tower  Hill  backs  up  data  relating  to 
policies  and  claims  -  about  4  terabytes.  With  the  total 
volume  of  company  data  doubling  every  two  years  and 
hitting  15  terabytes  this  year,  the  strain  on  the  network 
began  to  show.  In  particular,  the  time  needed  to  back 
up  its  business-critical  policy  management  application 
became  unpredictable. 

To  ensure  data  integrity,  IT  first  backs  up  the  appli¬ 
cation  to  capture  daily  changes,  then  runs  an  update 
process  that  inserts  information  such  as  policy  renewal 
dates,  and  then  backs  up  the  application  again.  While 
the  update  process  completed  in  a  predictable  time- 
frame,  each  backup  took  anywhere  from  four  to  seven 
hours.  On  average,  the  three-stage  backup  and  update 
process  required  13  hours.  When  backup  times  ran 
longer,  employees  arriving  for  work  were  locked  out 
of  the  system. 

Ripple  Effects 

The  network  became  the 
first  thing  the  server  group 
blamed  for  the  varying 
backup  times,  Hines  notes, 
since  they  could  easily 
check  out  their  equipment. 
Hines,  on  the  other  hand, 
was  spending  25  to  30 
percent  of  his  time  moni¬ 
toring  and  troubleshooting 
the  network,  and  finding 
work  arounds  to  conges¬ 
tion  problems.  When  he 
determined  that  the  volume 
of  data  coming  into  blades 
on  his  two  core  routers  was 
greater  than  the  blades' 
connection  to  the  routers' 
backplanes,  he  helped  the 
server  team  work  around 
the  oversubscription  prob¬ 
lem  by  balancing  where 
servers  plugged  into  the 
network. 

It  bought  them  some 
#  time.  But  it  meant  Hines 


needed  to  direct  the  server  team  each  time  a  new 
server  was  brought  on  line.  The  unpredictable  backup 
times  impacted  IT  in  other  ways,  as  well.  Routine 
maintenance  and  software  releases,  for  example,  had 
to  be  done  on  weekends  as  it  was  impossible  to  do 
them  at  night. 

With  traffic  volumes  continuing  to  escalate,  Hines 
knew  something  had  to  give.  "Our  core  couldn't  han¬ 
dle  the  amount  of  data  we  were  pushing  through  it," 
he  says.  "And  1  want  the  network  to  be  something  you 
can  just  plug  into  and  it  goes."  It  was  time  to  upgrade 
the  network  core. 

Wanted:  Performance  and  Reliability 

When  Hines  began  evaluating  new  core  devices, 
he  knew  what  he  wanted.  "We  buy  best  in  breed," 
he  notes.  "We  needed  line-rate  throughput,  non- 
blocking  gigabit  interfaces,  and  access  lists.  And  we 
needed  reliability." 

Tower  Hill's  search  for  a  new  core  router  led  them 
to  ForcelO.  Hines  installed  a  ForcelO TeraScale  El 200 
switch/router  in  early  2005  and  has  watched  the  com¬ 
bined  time  for  both  pre-  and  post-update  backups  of 
the  policy  management  application  drop  to  a  consistent 
2.5  hours.  What  used  to  be  a  13  hour  or  more  backup 
and  update  process  is  now  routinely  done  in  five. 

"One  of  the  really  attractive  things  about  the  Forcel  0 
El  200  is  that  it's  full  rate  line  speed,  non-blocking.  It's 
not  oversubscribed,  as  were  other  core  switches  I  eval¬ 
uated,"  says  Hines.  Each  server  now  has  true  gigabit 
access  to  every  other  server  and  device  on  the  network. 
In  addition,  the  El  200  supports  active  redundant  links 
with  immediate  failover  if  one  link  fails.  As  a  result, 
each  Tower  Hill  server  with  dual-gigabit  interfaces  has 
a  2-Gbps  connection  to  the  core  whereas  the  previous 
core  routers  only  supported  one  active  connection  in  a 
dual-homed  configuration. 

In  addition,  the  El 200  is  a  fully  redundant  system, 
ensuring  continuous  uptime  for  the  network.  And 
Hines  has  been  impressed  with  the  level  of  support 
ForcelO  provides.  "We're  a  moderate-size  business," 
he  notes.  "I've  never  had  support  this  excellent." 

Core  Benefits 

With  a  line-rate,  congestion-free  core  switch/router 
in  place.  Tower  Hill  is  assured  of  predictable  perfor¬ 
mance  from  the  network.  As  a  result,  backup  times 
have  been  dramatically  reduced,  ensuring  critical 
applications  are  always  available  during  business  hours 
and  freeing  IT  staff  to  perform  routine  maintenance, 
software  releases  and  other  tasks  in  the  evening  rather 
than  wait  until  weekends.  IT's  management  overhead 
has  also  dropped,  as  the  burden  of  ongoing  network 
monitoring  and  troubleshooting  has  been  eliminated. 

"ForcelO  gave  us  the  ability  to  exonerate  the 
network,"  Hines  says.  Tower  Hill  now  has  a  predictable 
network  with  plenty  of  headroom  to  accommodate 
ever  increasing  traffic  loads. 


Logical  diagram  of  Tower  Hill’s  primary  network  in 
Gainesville,  Florida,  and  remote  disaster  recovery  site 


I 


For  a  FREE  white  paper  on  ForcelO’s  data  center  vision  visit 

www.nww.com/forcel0 


Sponsored  by 


DON’T  LET 
SPYWARE 
SABOTAGE  YOUR 
ENTERPRISE. 


The  next  threat  is  no  threat  with  Trend  Micro. 

Expose  and  eradicate  spyware  with  Trend  Micro's  Enterprise-class,  multi-level, 
anti-spyware  solutions.  They're  the  only  solutions  that  block  and  clean  at  the  gateway — 
the  most  effective  point  of  control.  Trend  Micro.  #1  global  leader  at  the  gateway  and 
industry  pioneer.  Whether  it's  a  virus,  worm,  spyware,  or  spam,  we've  got  you  covered. 


For  a  FREE  evaluation  and  IDC  whitepaper, 
go  to  www.trendmicro.com/spyware 
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Plumtree  overhauls  flagship  portal  line 


BY  STACY  COWLEY,  IDG  NEWS  SERVICE 

Plumtree  last  week  began  rolling  out  a 
major  new  version  of  its  portal  software 
product  line,  including  new  bundling 
options,  broader  platform  support  and  a 
stand-alone  product  the  company  intends 
as  the  first  in  a  line  of  customized  industry 
applications. 

“Of  all  the  releases  we’ve  done  in  the  past, 
this  is  the  one  where  we’ve  literally  gone 
top  to  bottom  with  the  product  and  made 
everything  betterf  says  Andrew  Dunning, 
director  of  product  marketing  at  Plumtree. 

At  the  heart  of  Plumtree’s  G6  line  is  its  flag¬ 
ship  Plumtree  Foundation  software  for 
building  corporate  portals.The  new  version 
includes  features  aimed  at  easing  applica¬ 
tion  development,  including  new  debug¬ 
ging  tools,  an  Asynchronous  JavaScript  and 
XML  API,  simplified  user  interface  cus¬ 
tomization  tools  and  enhanced  configura¬ 
tion  utilities. 

Plumtree  also  is  extending  depIo3nTient 
options  for  its  Java-based  software.  G6  is 
currently  certified  for  Windows  and  RedHat 
Linux.  Within  the  next  few  months  it  will  be 


■  Groundwork  last  week  made  avail¬ 
able  Groundwork  Monitor  4.0.  The  latest 
version  of  the  network  management 
platform  features  a  unified  user  inter¬ 
face  that  the  company  says  prevents  IT 
managers  from  having  to  navigate 
through  multiple  open  source  tools.  The 
software,  built  on  a  popular  open  source 
monitoring  application  called  Nagios, 
runs  on  a  Linux  server  with  memory  in 
disk  and  can  be  used  with  or  without 
agents.  The  agent  option,  recommended 
by  the  vendor,  uses  a  Perl  script  that 
runs  on  managed  devices  and  extracts 
management  information  from  man¬ 
aged  devices.  Customers  also  have  the 
option  to  write  plug-ins  specific  to  their 
environment  to  broaden  the  software’s 
monitoring  capabilities.  Also  new  to  this 
version.  Groundwork  opened  the  archi¬ 
tecture  to  enable  easier  integration 
among  multiple  open  source  tools. 
Groundwork  Monitor  4.0  costs  about 
$16,000  for  an  annual  subscription. 


certified  for  SuSE  Linux,  Solaris  and  AIX  as 
well,  Plumtree  says.  In  addition  to  Internet 
Explorer,  G6  supports  the  Firefox,  Netscape 
and  Safari  browsers. 

Plumtree  is  creating  three  different  bun¬ 
dles  for  its  applications  suite:  a  Portal  bun¬ 
dle  focused  on  its  Foundation  software;  a 
Community  bundle  that  adds  collabora¬ 
tion,  and  simple  application  creation  tools 
for  building  functionality  such  as  polls 
and  surveys;  and  an  Application  package 
that  adds  a  new  product,  Plumtree  Pro- 


BY  JOHN  FONTANA 

CommuniGate  Systems  last  week 
released  the  newest  version  of  its  messag¬ 
ing  platform  designed  to  provide  users  with 
improved  voice  support. 

The  company  formerly  known  as  Stalker 
Software,  released  CommuniGate  Pro  5.0, 
which  includes  VoIP  features  that  let  cus¬ 
tomers  cluster  servers  to  create  scalable 


■  Workshare  last  week  released  a 
new  version  of  its  document  integri¬ 
ty  software  that  includes  the  compa¬ 
ny's  Document  Hygiene  technology, 
designed  to  guard  against  privacy 
breaches  and  the  disclosure  of  sensi¬ 
tive  information.  Workshare 
Professional  4.5  works  at  the  client  to 
block  the  transfer  of  documents  that 
contain  sensitive  information,  company 
officials  say.  Document  Hygiene  filters 
a  document's  content  for  key  words 
that  violate  privacy  or  relate  to  intellec¬ 
tual  property,  financial  information  or 
data  controlled  by  regulations  that 
should  not  leave  the  company.  Also 
with  Version  4.5,  Workshare  has  includ¬ 
ed  support  for  Unicode  and  has  boost¬ 
ed  the  performance  of  the  software's 
information-discovery  features,  the 
company  say.  Workshare  4.5  works 
with  Outlook,  Notes  and  GroupWise.  It 
is  priced  at  $349  with  a  10-user  mini¬ 
mum;  volume  discounts  are  available. 


cess,  for  managing  and  automating  busi¬ 
ness  processes.  Plumtree  Process  is  based 
on  business  process  management  tech¬ 
nology  that  Plumtree  licensed  from 
Fuego.  Plumtree’s  Portal  suite  is  priced  at 
$267  per  user,  while  its  Community  suite  is 
priced  at  $344  per  user  and  its  Application 
suite  is  priced  at  $396  per  user,  plus 
$38,000  per  processor  for  the  Plumtree 
Process  module. 

Plumtree  also  unveiled  its  first  vertical 
application.  High  Performance  Store 


infrastructure  to  support  voice  along  with 
call-logging  and  bill-back  features.The  soft¬ 
ware  includes  conferencing,  call-control 
features,  voice  mail  storage  within  in-boxes 
and  the  CommuniGate  Programming  Lan¬ 
guage  for  customizing  voice  applications. 

The  company  says  it  hopes  to  create  a 
voice  platform  using  Session  Initiation 
Protocol  (SIP), which  is  finding  acceptance 
with  messaging  vendors,  as  well  as  instant¬ 
messaging  platforms. 

“VoIP  is  a  technology 
whose  time  has  come’’ 
says  Michael  Osterman, 
president  of  Osterman 
Research.  “The  quality  of 
service  issues  have  pretty 
much  been  solved  and 
the  cost  savings  can 
potentially  be  pretty  dra¬ 
matic.  This  is  where  all 
messaging  systems  are  going.”  Osterman 
says  eventually  the  real  hook  for  VoIP  will 
be  integration  with  other  network  services. 

CommuniGate  is  focusing  its  5.0  release 
on  applications  as  well  as  infrastructure 
improvements,  including  SIP  clustering 
that  lets  users  add  nodes  to  a  live  cluster. 
The  server  also  supports  call  detail 
record  logging  and  integration  with 
billing  systems  and  click-to-call  from 
Outlook  and  Web  mail.  CommuniGate 
Pro  also  handles  network  address  transla¬ 
tion  traversal  and  includes  the  ability  to 
deal  with  non-standard  SIP  softswitches 
and  clients,  including  support  for  exten¬ 
sions  Microsoft  has  written  for  SIP  around 
authentication. 

The  server  includes  multipoint  confer¬ 
encing  capabilities  that  let  users  create  and 


Management  Application  (HiPer),  a  retail- 
focused  portal  it  co-developed  with  a  cus¬ 
tomer,  restaurant  chain  Applebee’s.  HiFfer,  a 
stand-alone  application,  is  now  in  use  at 
Applebee’s  and  will  be  available  to  other 
retailers  by  year-end. 

Plumtree  will  soon  be  subsumed  by  BEA 
Systems,  which  agreed  in  August  to  buy 
Plumtree  for  around  $200  million.  Plum- 
tree’s  Dunning  says  he  doesn’t  expect  the 
acquisition  to  cause  any  disruptions  for 
customers.® 


host  online  conferences,  an  auto-attendant 
and  automatic  call  distribution  that  sup¬ 
ports  call  queuing  for  call  centers. 

CommuniGate  Pro  also  delivers  voice 
mail  to  e-mail  inboxes. Voice  mail  also  can 
be  forwarded  to  a  mobile  device  or  notifi¬ 
cation  sent  via  IM. 

The  application  features  require  a  con¬ 
nection  to  a  public  switched  telephone  net¬ 
work,  which  can  be  either  a  service  or 
premise  equipment. 

Also  included  is  the 
CommuniGate  Program¬ 
ming  Language  for  build¬ 
ing  custom  applications 
or  extending  the  built-on 
applications.  The  devel¬ 
opment  platform  sup¬ 
ports  WebDAV,  .Net,  Sim¬ 
ple  Object  Access  Proto¬ 
col  and  VoiceXML. 

“We  see  this  as  what  Internet  communi¬ 
cation  is  and  will  be  in  the  future,”  says 
Thom  O’Connor,  director  of  product  archi¬ 
tecture  for  CommuniGate.“It  is  just  another 
method  of  accessing  communication  ulti¬ 
mately  O’Connor  says  CommuniGate  will 
be  adding  video  mixing  in  a  future  upgrade 
to  the  server. 

CommuniGate  competes  with  Gordano, 
Rockliffe,  Mirapoint,  Scalix,  IPSwitch  and 
Sendmail.  On  the  SIP  infrastructure  side  the 
competition  comes  from  Nortel,  Avaya  and 
Cisco. 

The  server  runs  on  Linux,  Macintosh, 
Windows  and  Unix. 

CommuniGate  Pro  5.0  is  priced  at  $699 
for  25  users.  The  clustered  version  starts  at 
$27  per  user  starting  at  500  users  with  a 
minimum  of  two  machines  in  the  cluster.® 


Short  Takes 


CommuniGate  adds  voice  features 


Voicing  success 

VoIP  technology  is  expected 
to  penetrate  45% 
of  corporations  by  2007, 
according  to  Osterman 
Research. 
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Apple's  unnoticed  announcement? 


NET  INSIDER 


Scott  Bradner 


Apple  CEO  Steve  Jobs  made  a 
pile  of  product  announcements 
on  Oct.  12.The  video  iFbd  got  most 
of  the  press,  but  it  was  another  an¬ 
nouncement  that  best  indicates 
i^ple’s  future  directions. 


Apple  introduced:  a  new  iMac, 
complete  with  remote  control; 
Front  Row,  a  music,  picture  and 
video  display  application  that 
works  with  the  remote  control; 
Photo  Booth,  an  application  for 


taking  pictures  of  yourself  with 
the  camera  built  into  the  new 
iMac;  the  video  iFbd;  iTunes  6,  to 
support  the  new  iPod;  and,  finally, 
a  deal  with  Disney  that  will  let  you 
download  and  view  primetime 


introducing  the  SYSTiMAX* 
GigaSPEED*  X10D  Solution,  the  UTP 
cabling  solution  that  empowers  your 
infrastructure  with  10G  performance. 


SYSTIMAX* 

SOLUTIONS 


Whan  was  the  last  time  you  looKed  into  the  future?  SYSTIMAX  •Labs 
engineers  and  scientists  do  it  every  day,  and  they  see  a  world  dominated  by 
gigabit-hungry  appScations  that  can  choke  throughput  and  cripple  today's 
networks.To  help  you  meet  the  future  on  its  own  bandwidthH'ntensive  terms, 
SYSTIMAX  •  Solutions  has  developed  the  GIgaSPEEO*  XI OO  Solution. 

A  comprehensive,  end^to-ervd  10G  UTP  cabling  solution,  the  GigaSPEED 
X10O  Solution  extends  the  performance  capabilities  of  your  netvrark  with 
blazing  speed  and  bandwidth  to  spare.  Which  means  it  increases  your 
productivity  and  sharpens  your  competitive  edge.  So  bring  on  the  streaming 
media!  Bring  on  all  the  sophisticated  applications  the  future  wrill  unleashi 
With  the  visionary  GigaSPEED  XI  OO  Solution,  the  future  is  now.To  get  a 
head  start  on  tomorrow,  contact  SYSTIMAX  Solutions  today  at 
1  -800-344-0223,  systimaxsolutions@systimax.eom  or  wwwsysdmaxxom. 


O  2008  CommSoope,  krc. 


ABC  TV  shows  shortly  after  they 
air  for  $1.99  each. 

Not  surprisingly  the  video  iFbd 
got  most  of  the  press.  Much  of  the 
coverage  wondered  about  Jobs’ 
change  of  heart  as  he  had  long 
maintained  that  people  were  not 
going  to  walk  around  watching 
video  on  a  screen  that  small.  Other 
reporters  wondered  about  the 
video  pricing.  A  few  days  later  the 
coverage  switched  to  focus  on  the 
outrage  expressed  by  the  local 
ABC  TV  stations,  which  seem  to 
think  that  no  one  will  watch  their 
shows  when  they  are  broadcast. 

I’d  rather  take  Jobs  at  his  word.  1 
expect  the  market  for  watching 
roughly  $2  shows  on  a  2.5-inch 
screen  is  rather  small.  So  maybe 
Apple  is  up  to  something  else. 
Maybe  the  important  announce¬ 
ments  were  about  everything  ex¬ 
cept  for  the  video  iFbd. 

1  expect  that  the  reason  Apple 
was  able  to  get  music  publishers 
to  agree  to  the  original  iTunes 
store  was  that  it  was  “only”  for 
the  Mac  and  thus  not  much  of  a 
threat.  It  was  only  later  that  Apple 
released  the  Windows  version 
and  took  over  the  market.  Maybe 
Apple  is  trying  to  lure  the  movie 
and  TV  companies  with  the  low- 
threat,  2.5-inch  iPod  screen  while 
downplaying  the  iMac’s  ability  to 
play  the  same,  as  well  cis  very 
much  higher  quality  video  on  its 
big  screen  or  to  a  projector. 

Just  maybe  Apple  is  about  to 
make  real  the  long  predicted 
video  revolution  in  which  content 
owners  make  their  product  avail¬ 
able  directly  to  customers,  b3q)ass- 
ing  the  filtering  function  of  the  TV 
networks  and  cable  companies. 

If  it  becomes  as  normal  for  peo¬ 
ple  to  reach  out  and  grab  high- 
quality  video  content  as  it  has  be¬ 
come  to  use  Google,  companies 
will  be  able  to  significantly  re¬ 
vamp  their  training  processes  by 
pushing  much  of  the  them  to  peo¬ 
ple  at  home  rather  than  maintain¬ 
ing  special  training  centers. 

Disclaimer:  Harvard  does  offer 
in-home  training  (see  http:// 
extension.harvard.edu/),  but  Har¬ 
vard’s  “special  training  centers”  are 
quite  nice.  The  above  is  a  person¬ 
al,  not  the  university’s  view  on 
Apple’s  motives. 


GigaSPEED*  XI OD  •  LazrSPEED*  •  TeraSPEED™  •  iPatch™  •  AirSPEED™ 


Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  System.  He  can  be 
reached  at  sob@sobco.com. 


>THIS  IS  THE  WAY 


AIRLINES  EARN  THEIR  WINGS  IN  CUSTOMER  SERVICE 
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APPUCATION  OUTSOURCING 


Farming  out  apps:  More  e^,  more  baskets 


Skin  ffl  the  game 

Project- based  application  services  differ  from  true  application  outsourcing  engagements,  according  to  Gartner. 


Project-based  ontsourcing 

Application  ontsourcing 

•  Contract  terms  vary  by  weeks,  months  or  years. 

•  Multiyear  contracts  include  renewal  and  termination  terms  and  conditions. 

•  Service  provider  relationship  is  limited  to  performance  on  a  discrete  project. 

•  Parties  assume  ongoing  relabonship  for  management  and  governance  of  continuous 
services. 

•  Deliverables  and  milestones  are  tied  to  scope  of  work. 

•  Service  levels  include  productivity,  quality  and  responsiveness  measures. 

•  Effectiveness  of  engagement  is  clear  upon  project  completion. 

•  Effectiveness  of  engagement  accounts  for  incremental  IT  and  business  improvement. 

•  Innovation  is  tied  to  the  discrete  scope  of  work. 

•  Innovation  is  negotiated  and  delivered  over  the  life  of  the  engagement. 

•  Client  assumes  project  risk. 

•  Risk  is  negotiated,  shared  by  client  and  service  provider. 

BY  ANN  BEDNARZ 

Dutch  banking  giant  ABN  Amro’s  huge 
new  IT  outsourcing  deal  illustrates  the 
growing  trend  of  companies  farming  out 
work  to  multiple  providers  instead  of 
negotiating  one  large  contract. 

Announced  last  month,  the  deal  has  five 
vendors  splitting  $2.2  billion  in  IT  work  over 
five  years.  IBM  won  a  $  1.9-billion  IT  infra¬ 
structure  outsourcing  component,  includ¬ 
ing  servers,  storage  systems  and  desktops; 
Infosys  and  Tata  Consultancy  Services  drew 
$  125-million  and  $250-million  contracts, 
respectively  for  application  support  and 
enhancements;  and  Accenture,  IBM, 
Infosys,  Patni  Computer  Systems  and  TCS 
earned  preferred-supplier  status  for  an 
unspecified  amount  of  development  work. 

The  bank  says  its  IT  overhaul  will  save 
the  company  more  than  $600  million  by 
2007,  including  savings  accumulated  by 
cutting  1,500  jobs  and  transferring  2,000 
jobs  to  the  outsourcing  vendors  (leaving 
ABN  Amro  with  about  1,800  in-house  IT 
stafO-In  addition,  the  outsourcing  arrange¬ 
ments  will  provide  better  and  faster  access 
to  new  technologies,  which  will  lead  to 
more  sophisticated  product  development 
for  ABN  Amro’s  clients. 

ABN  Amro  chose  to  divvy  up  the  work 
among  five  outsourcers,  based  on  the 
broad  range  of  services  its  business 
requires.  “There  is  simply  no  single  vendor 
who  can  satisfy  all  the  different  needs  of 
the  bank,” says  Lars  Gustavsson,ABN  Amro’s 
CIO.  “We  also  believe  that  specialization  in 
certain  cases  will  prove  much  more  busi¬ 
ness-aligned  and  agile  over  time.” 

Analysts  predict  more  companies  will  pur¬ 
sue  a  multi-vendor  approach.  One  of  the 
most  anticipated  deals  could  come  from 
CM,  which  has  a  multibillion  dollar  out¬ 
sourcing  contract  with  EDS  set  to  expire 
next  year. ‘All  signs  point  to  that  going  to  a 
multisource  deal  when  it  expires,” says  Barry 
Mason  Rubenstein,  a  senior  analyst  at  IDC. 

Others  going  the  multisourcing  route 
include  French  carmaker  Renault,  which 
in  March  awarded  outsourcing  contracts 
to  Atos  Origin,  Computer  Sciences  Corp. 
and  HP;  Royal  Dutch/Shell  Group,  which 
orchestrated  an  IT  services  agreement, 
reportedly  in  the  $1  billion  range,  with  IBM 
and  Wipro  Technologies;  and  Bank  of 
America,  which  is  outsourcing  work  to 
EDS  and  Hewitt  Associates. 

The  trend  toward  multisourcing  allows 
IT  organizations  to  gain  access  to  best-of- 
breed  providers  while  reducing  the  risk  of 


having  a  single  vendor  responsible  for  vast 
corporate  IT  resources,  Rubenstein  says. 

“Users  are  more  sophisticated  about 
their  sourcing  strategies,  they’re  more 
capable  of  managing  multiple  vendors, 
and  they’re  looking  for  expertise  to  meet 
their  very  specific  applications  needs,” says 
Allie  Young,  a  vice  president  at  Gartner. 

Even  though  the  application-related  con¬ 
tracts  will  require  ABN  Amro  to  manage 
multiple  service  providers,  the  company 
expects  to  gain  efficiencies  by  sourcing 
projects  judiciously.  Infosys  and  TCS  will 
maintain  the  bank’s  existing  applications 
and  —  along  with  Accenture,  IBM  and 
Patni  —  develop  new  applications  across 
all  business  units. 

Industry  experience  is  particularly  critical 
for  application  outsourcing,  which  Young 
defines  as  a  multiyear  contract  for  manag¬ 
ing,  enhancing  and  maintaining  custom  or 
packaged  application  software.  Short  term, 
narrowly  defined  application  maintenance 
projects  don’t  fit  the  bill  (see  graphic). 

The  distinction  between  discrete  applica¬ 
tion  maintenance  work  and  strategic  appli¬ 
cation  development  is  significant.  Young 
says.  Application  outsourcing  calls  for 
providers  to  take  over  ongoing  manage¬ 
ment  and  operations  of  apps  in  an  effort  to 
yield  business-process  improvements. 

“If  companies  make  ad  hoc  outsourcing 
decisions,  driven  only  by  cost  savings, 
chances  are  they  will  fall  short  of  really 
delivering  business  objectives,”Young  says. 

Over  the  past  few  years  there  has  been  an 
increased  acceptance  of  application  out¬ 
sourcing  —  and  greater  activity  in  that  seg¬ 
ment  of  the  outsourcing  market,  according 
to  Gartner.The  research  firm  forecasts  a  five- 
year  growth  rate  for  enterprise  application 
outsourcing  of  more  than  6%. 


The  move  toward  global  sourcing  —  a 
services  model  that  includes  a  combina¬ 
tion  of  onsite,  onshore,  near-shore  and  off¬ 
shore  resources  —  has  helped  accelerate 
application  outsourcing  adoption. 

“If  you  can  digitize  your  applications 
work,  it  no  longer  needs  to  be  the  woric  that 
is  done  by  Tom,  Joe,  Mary  and  Sue,  who  sit 
next  to  each  other  in  cubicles.  It  now  goes 
to  India  or  China  or  Russia  or  wherever  you 
want  it  to  go”  Young  says.  “The  netwoik 
becomes  very  very  significant  to  enable  this 
new  world  of  application  outsourcing  that 
can  tap  into  global  delivery  models.” 

The  big  issue  for  companies  is  deciding 
what  work  to  keep  in-house,  what  to  divvy 
up  among  onshore  and  near-shore 
providers,  and  what  is  most  suitable  for  off¬ 
shore  providers,  IDG’s  Rubenstein  says. 

Traditional  IT  infrastructure  outsourcers, 
such  as  IBM,  HP  and  Sun,  have  expanded 
into  application  outsourcing.  Consultants 
and  systems  integrators  with  specialized 
application  skills,  such  as  Accenture  and 
CSC,  also  offer  outsourced  application  ser¬ 
vices.  At  the  same  time,  offshore  service 
providers  traditionally  associated  with 
project  work — such  as  Infosys  and  TCS  — 
are  evolving  their  businesses  to  include 
full-fledged  application  outsourcing. 

According  to  Evans  Data  Corp.,  compa¬ 
nies  are  most  likely  to  outsource  software 
development  projects  to  save  money  It’s 
the  No.  1  driver  for  28%  of  390  respondents 
in  the  firm’s  most  recent  enterprise  devel¬ 
opment  survey  Other  top  drivers  include 
the  need  for  specialized  development 
expertise  not  available  in-house  (19%), the 
desire  to  avoid  hiring  extra  personnel  who 
may  not  be  needed  long  term  (14%)  and 
to  accelerate  development  (9%). 

Even  as  more  companies  look  to  out¬ 


source  strategic  application  work,  not  all 
choose  to  divvy  up  those  services.  Late  last 
year  Zurich  Financicil  Services  signed  a 
seven-year,  $  1.3-billion  outsourcing  agree¬ 
ment  with  CSC  to  hand  off  new  application 
development  and  support  services  for  the 
insurance  company’s  more  than  4,000 
applications.  Apps  within  the  scope  of  the 
agreement  support  all  insurance  lines  writ¬ 
ten  by  Zurich  and  all  business  processes, 
including  new  business  and  underwriting, 
customer  service  and  claims. 

Accenture,  too,  landed  a  major  applica¬ 
tion  outsourcing  contract  last  year,  signing 
a  six-year,  $740-million  deal  with  Barclays. 
The  UK.  financial  services  firm  is  out¬ 
sourcing  application  development  and 
management  for  a  broad  range  of  its  com¬ 
mercial  and  retail  banking  systems. 

What  the  deals  have  in  common  is  the 
companies  are  ceding  control  over  busi¬ 
ness  applications  to  external  parties.  It’s  a 
distinct  change  in  attitude  from  the  days  of 
developing  massive,  highly  customized 
business  applications,Young  says.  “That  led 
to  a  lot  of  ad  hoc  decision  making,  multiple 
instances  of  certain  applications,  huge  inte¬ 
gration  efforts  and  extremely  costly  ongo¬ 
ing  maintenance  of  applications  that  far 
exceeds  the  initial  cost  to  even  write  them,” 
Young  says.“That’s  the  situation  many  many 
companies  are  in  now.  They’re  looking  at 
applications  work  that  is  incredibly  labor 
based  and  are  taking  different  roads  to 
achieve  new  levels  of  efficiency’ ■ 
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It’s  time  for  a  collaboration  solution  people  will  use  -  and  can  actually 
manage.  Ipswitch  Collaboration  Suite  is  designed  specifically  for  small- 
and  medium-sized  businesses.  So  it’s  easy  to  set  up  and  integrate  with 
popular  e-mail  clients,  including  Microsoft*  Outlook'*.  Featuring  reaFtime 
collaboration  tools,  e-mail,  group  calendaring  and  scheduling  and 
instant  messaging.  It’s  collaboration  without  complication. 


Ipswitch  Collaboration  Suite. 
It  just  works. 
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Visit  www.ipswitch.com  to 
download  a  30-day  free  trial. 
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Introducing  the  industry’s  highest  performance  Ethernet 
switch  family  ready  to  deliver  wire-speed  non-blocking 
performance  to  1.14  biHion  packets  per  second  (or  up  to 
3.42  bpps  per  7-foot  telco  rack).  Foundry’s  Bigiron  RX  Series 
offers  the  highest  density  Gigabit  and  10  Gigabit  Ethernet 
switching  and  routing  solution  in  the  industry  and  is  built  on  a 
distributed  and  redundant  switch  architecture  that  ships  ready  to 
support  100  Gigabit  Ethernet.  Featuring  support  for  scalable 
Ethernet  switching,  IPv4/IPv6  routing,  consistent  low  latency 
for  all  packet  sizes  and  advanced  quality  of  service  design.  The 
Bigiron  BJC  Series  meets  and  exceeds  the  needs  of  a  wide  range 
of  environments  including  Enterprise  LAN,  HPC,  MANS,  and 
next  generation  data  centers. 

Find  out  more  about  the  Bigiron  RX  Series  and  how 

YOU  CAN  TAKE  ADVANTAGE  OF  A  LIMITED  TIME  OFFER  TO 
REDEFINE  PERFORMANCE  AND  RELIABILITY  IN  YOUR 
NETWORK.  Log  on  to  www.foundrynet.com/BigIronRX. 
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More  peering  clashes  seen  possible 


BY  CAROLYN  DUFFY  MARSAN 

Telecom  industry  analysts  fear  that  peer¬ 
ing  disputes  such  as  the  recent  flare-up 
between  Level  3  Communications  and 
Cogent  Communications  could  become 
more  common  as  the  largest  Internet  back¬ 
bone  providers  get  bigger  and  more  pow¬ 
erful  through  mergers  and  acquisitions. 

Peering  is  a  contractual  relationship 
between  ISPs  that  allows  them  to  exchange 
Internet  traffic  over  each  other’s  backbone 
netwoite.  Initially  most  peering  relation¬ 
ships  were  free  of  charge.  In  recent  years, 
large  Internet  backbone  providers  have 
begun  charging  smaller  access  providers  to 
carry  their  traffic. 

ISP  experts  fear  that  peering  disputes 
could  become  more  common  after  the 
mergers  between  AT&T  and  SBC,  and  MCI 
and  Verizon,  are  completed. 

“As  the  big  backbones  get  bigger  in  terms 
of  how  much  traffic  they  are  running  over 
their  networks,  they  can  play  hardball  with 
some  of  the  smaller  networks,”  says  Melanie 
Fbsey  director  of  the  telecom  service  at 
lDC.“This  issue  is  about  balance. The  whole 
idea  behind  peering  is  that  you  exchange 
similar  amounts  of  traffic.  If  the  big  back¬ 
bones  are  carrying  more  than  the  small 
ones,  they’re  going  to  say: ‘Pay  up.’” 

The  issue  of  balance  is  at  the  heart  of  the 


Short  Takes 


■  SBC  and  sister  company  CIngular 
Wireless  last  week  announced  they 
will  deploy  a  next-generation  network 
architecture  called  IP  Multimedia 
Subsystem  from  Lucent.  IMS  is  an 
architecture  that  defines  how  an  IP 
network  should  handle  voice  calls 
and  data  sessions.  It  essentially 
takes  the  place  of  the  control  infra¬ 
structure  in  a  traditional  circuit- 
switched  phone  network,  but  it  sepa¬ 
rates  services  from  the  networks 
that  carry  them.  Cingular  and  SBC 
will  implement  their  IMSs  separately, 
but  they  are  both  using  Lucent, 
which  will  enhance  their  opportuni¬ 
ties  to  give  users  a  seamless  wire¬ 
less  and  wireline  experience,  accord¬ 
ing  to  SBC. 


peering  dispute  between  Level  3  and 
Cogent. 

On  Oct.  5,  Level  3  discontinued  its  peering 
relationship  with  Cogent,  which  resulted  in 
some  blocked  Internet  traffic  for  customers 
of  the  two  companies.  Level  3  reestablished 
the  connection  Oct.  7,  but  warned  cus¬ 
tomers  it  would  shut  down  its  connection 
with  Cogent  again  Nov.  9  unless  Cogent 
agrees  to  a  new  peering  contract. 

Peering  disputes  such  as  this  one  were 
more  common  in  the  late  1990s,  as  UUnet 
and  other  major  Internet  backbones  began 
moving  from  free  to  paid  peering  arrange- 
ments.The  question  is  whether  peering  dis¬ 
putes  will  rise  along  with  the  current  ISP 
industry  consolidation. 

“What  will  happen  with  the  mergers  and 
acquisitions  is  that  there  will  be  a  lot  more 
smaller  providers  paying  more  transit  fees 
because  they  won’t  qualify  as  a  peer  with 


Convergence  changes  things.  Although 
combining  voice  and  data  across  the  same 
packet  network  wouldn’t,  in  theory  imply 
dramatic  changes  in  the  organization  and 
operations  of  an  IT  department,  in  practice 
companies  that  implement  convergence 
find  themselves  revisiting  almost  every 
aspect  of  their  operations. 

That  means  making  some  of  the  obvious 
changes  —  such  as  combining  voice  and 
data  teams  —  as  well  as  some  that  might  be 
less  evident. 

Most  IT  executives  realize  it’s  a  good  idea 
to  combine  voice  and  data  teams,  but  from 
what  I’ve  seen,  many  haven’t  gotten  to  it  yet. 
As  I’ve  previously  noted,  if  you’re  looking  to 
implement  convergence,  and  you  haven’t 
yet  integrated  your  teams,  here’s  a  relatively 
painless  way  to  do  it:  Ask  each  group  to  cre¬ 
ate  a  selection  matrix  for  selecting  VoIP 
PBXs  and  phones,  along  with  a  short  list  of 
preferred  vendors.  Let  the  groups  work 
independently  at  first.  Then  gather  them  in 
a  room  and  jointly  review  the  selection  cri¬ 
teria.  You’ll  most  likely  find  it  an  eyeopen- 


the  big  backbones,”  says  Brownlee  Thomas, 
principal  analyst  for  telecom  and  network¬ 
ing  at  Forrester  Research.  “The  trend  is 
toward  more  formal  interconnection  agree¬ 
ments,  and  there  will  be  costs  associated 
with  them.” 

Thomas  warns  that  smaller,  local  DSL 
providers  could  be  more  susceptible  to 
peering  disputes  than  top-tier  providers 
that  offer  both  local  and  long-distance 
access. 

“It’s  always  going  to  be  an  access/ingress 
issue,”  Thomas  says.  “Most  enterprises  don’t 
have  more  than  one  carrier  for  the  local 
loop  so  these  disputes  are  more  potentially 
problematic  if  the  local  DSL  provider  is 
involved. . . .  That’s  why  a  smart  enterprise 
negotiator  should  put  specific  speeds  in  the 
contract  —  not  services  such  as  DSL  —  so 
that  carriers  have  to  give  them  a  fractional 
T-1  if  there’s  a  problem  with  the  local  DSL 


ing  experience  on  both  sides. 

But  that’s  just  the  first  step.You’ll  also  need 
to  thoroughly  revamp  how  you  handle 
management  —  not  just  of  the  data  net¬ 
work  but  of  the  company  as  a  whole.  Why? 
Because  one  of  the  second-order  effects  of 
convergence  is  that  it  stresses  the  infra¬ 
structure  as  never  before.  With  conver¬ 
gence,  applications  that  previously  had 
unlimited  access  to  network  and  comput¬ 
ing  resources  now  have  to  compete  for 
resources.  Without  the  tools  and  processes 
to  fairly  allocate  resources  —  and  to  mea¬ 
sure  how  well  those  allocations  are  work¬ 
ing  —  you  run  the  risk  of  having  your  mis¬ 
sion-critical  applications  trample  each 
other. 

For  example,  you’ll  often  hear  that  the 
best  way  to  handle  voice  across  a  con¬ 
verged  network  is  to  give  it  top  priority  That 
works  fine  if  you’ve  configured  your  infra¬ 
structure  so  that  “top-priority”  traffic  has 
bounded  latency  across  the  WAN  —  but 
doesn’t  help  much  otherwise.  So  you’ll 
need  a  service-level  agreement  with  your 
WAN  providers  that  covers  latency,  plus 
tools  that  let  you  validate  that  your  WAN  is 


provider!’ 

Analysts  say  that  there’s  not  much  that  the 
industry  can  do  to  prevent  peering  dis¬ 
putes. 

“These  are  commercial,  bilateral  agree¬ 
ments  that  are  negotiated  on  a  one-off 
basis,”  Thomas  says.  “The  enterprise  doesn’t 
have  any  protection  except  in  the  terms 
and  conditions  of  its  contract.” 

“Some  smaller  ISPs  and  customers  are 
starting  to  scream  about  regulation,  but  get¬ 
ting  the  FCC  involved  in  peering  is  a  bad 
idea,”  Fbsey  says.  “This  is  a  marketplace 
issue.  There’s  no  law  that  says  an  ISP  has  to 
peer  with  anybody  else.  The  ISP  should 
decide  if  they  want  to  or  not.”B 
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performing  adequately 

Moreover,  you’ll  want  to  limit  the  band¬ 
width  available  to  your  voice  traffic  so  an 
unexpected  spike  in  voice  calls  doesn’t 
starve  data  applications.  Yes,  1  know  that 
sounds  counterintuitive.  How  can  any 
application  be  more  important  than  voice? 

But  you  don’t  want  an  unexpected  surge 
in  interoffice  gossip  to  shut  down,  say 
Oracle  Financials  just  as  your  accounting 
team  is  attempting  to  close  the  books  at  the 
end  of  the  quarter. 

Obviously  you’ll  want  to  architect  your 
network  to  set  those  bandwidth  limits 
appropriately  to  ensure  adequate  band¬ 
width  for  your  voice  traffic.  Architecting 
your  converged  network  to  ensure  opti¬ 
mum  performance  for  all  applications  will 
require  close  collaboration  among  your 
voice,  data  and  management  teams. 

Bottom  line?  When  it  comes  to  conver¬ 
gence,  management  matters. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Mani^ng  convergence 
requires  teamwork 
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■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


App  IDS  guards  databases 


HOW  IT  WORKS:  Application  intrusion-detection  ^em 

An  application  IDS  provides  SOL-specific  protection  and  monitoring  for 
databases  and  other  applications. 


Application 

sensor 


Application 

IDS  console 

Perimeter 

firewall 


Application 

server 


Database 


O  Attacker  launches  SQL  injection  attack  via  the  application's  Web  logon  screen. 

B  The  attack  goes  through  the  firewall  to  the  application  server. 

B  The  application  server  asks  the  database  using  SQL  to  look  up  the  database  record  and  evaluate 
the  credentials  submitted. 

Q  The  application  sensor  looks  at  the  SQL  statement  and  sees  it  is  an  attempt  to  fool  authentication. 
B  The  sensor  takes  action,  which  usually  includes  alerting  the  console. 


BY  AARON  NEWMAN 

implications  and  their  back-end  data¬ 
bases  are  increasingly  exposed  to  applica¬ 
tion-level  intrusions, such  as  SQL  injection, 
cross-site  scripting  attacks  and  access  by 
unauthorized  users  —  all  of  which  bypass 
front-end  security  systems  and  attack  data 
at  its  source. 

What  has  emerged  in  response  is  a  new 
level  of  security  —  application  security  — 
that  implements  traditional  network-  and 
operating  system-level  intrusion-detection 
system  (IDS)  concepts  at  the  database  (that 
is,  application)  level.  Unlike  generic  net¬ 
work  or  operating  system  solutions,  appli¬ 
cation  IDS  provides  active,  SQL-specific  pro¬ 
tection  and  monitoring,  protecting  thou¬ 
sands  of  prepackaged  and  homegrown 
Web  applications.  For  example,  application 
IDSs  monitor  and  defend  critical  data 
against  database-specific  attacks  such  as 
buffer  overflows  and  Web  application 
attacks,  and  will  also  audit  these  events. 

mplication  security  differs  from  network 
and  host  security  The  applications  vary  but 
the  attacker’s  goal  is  always  the  same  —  to 
access  the  database.  Since  applications  use 
SQL  to  communicate  with  the  database,  a 
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good  application  IDS  parses  SQL,  providing 
an  objective  layer  of  protection  that  under¬ 
stands  the  traffic  yet  remains  independent 
of  the  application. 

Most  application  IDSs  have  three  compo¬ 
nents.  The  first  is  a  network-  or  host-based 
sensor.  A  network  sensor  is  connected  to  a 
switched  port  analyzer  port,  which  is  con¬ 
figured  to  see  all  traffic  within  a  database.  In 
contrast,  a  host  sensor  resides  directly  on 
an  application.  Sensors  gather  SQL  transac¬ 
tions,  interpret  them  and  determine 
whether  the  traffic  warrants  an  alert.  If  an 
alert  is  necessary  it  is  passed  to  the  second 
structural  component,  a  console  server. The 
server  stores  events  and  is  the  central  point 
for  sensor  maintenance,  such  as  policy  con¬ 
figuration  and  updates.  The  third  compo¬ 
nent  of  an  application  IDS  is  a  Web  brows¬ 
er,  through  which  administrators  can  modi¬ 
fy  IDS  settings,  monitor  events  in  real  time 
and  generate  reports. 

Take  a  SQL  injection  attack,  in  which  an 
attacker  tries  to  bypass  the  SQL  statements 
defined  on  a  Web  server  in  order  to  inject 
his  own  statements.  Assume  the  expected 
input  is  the  user  name  Bob  with  the  pass¬ 
word  Hardtoguess. 

Presented  with  this  input,  the  database 
finds  a  match  with  a  row  in  the  WebUsers 
table  and  thus  the  application  authenti¬ 
cates  the  user.  To  break  in,  a  SQL  injection 
attack  will  trick  the  application  into  believ¬ 
ing  the  correct  credentials  were  submitted. 
Let’s  assume  the  attack  uses  the  password 
‘blah’  OR  ‘A=‘A  so  the  attack  SQL  statement 
created  would  be:  SELECT  *  FROM 
WebUsers  WHERE  Username=‘Bob’  AND 
Password=‘blah’  OR  A=‘A. 


Evaluated  logically  ‘A’=  ‘A  is  always  TRUE, 
thus  the  WHERE  clause  now  matches  all 
rows,  and  the  attacker  is  validated  by  the 
application  even  without  a  correct  user 
name  or  password.  The  application  server 
accepts  the  input  and  is  fooled  into  allow¬ 
ing  the  attacker  past.  In  doing  so,  the  appli¬ 
cation  server  requests  data  from  the  data¬ 
base  through  SQL  commands. 

With  an  application  IDS  in  place,  the  sen¬ 
sor  gathers  the  SQL  commands,  decipher¬ 
ing  what  tables  and  columns  are  being 
accessed  in  the  database  and  if  it  is  “nor¬ 
mal”  or  an  attack.  If  the  action  is  not 


allowed  by  the  IDS  policy  the  sensor  deter¬ 
mines  the  threat  level  of  the  attack  and 
takes  action,  usually  by  alerting  an  admin¬ 
istrator’s  console  and/or  via  e-mail. 

This  is  just  one  example  of  the  kind  of 
application-layer  attacks  companies  are 
facing  today  By  implementing  an  applica¬ 
tion-level  IDS  to  protect  this  vulnerable 
data,  organizations  can  protect  against  the 
latest  attacks  and  threats. 

Newman  is  CTO  and  founder  of 
Application  Security,  Inc.  He  can  be  reached 
at  anewman@appsecinc.com. 


We  have  a  collection  of  books  and  papers  we 
want  to  track  and  check  In  and  out  like  a  real 
library.  Ideally,  the  system  would  be  accessi¬ 
ble  over  the  Internet  and  allow  for  the  use  of 
a  bar-code  scanner  to  simplify  the  check-in 
and  check-out  process.  Commercial  library 
solutions  we  have  looked  at  are  more  expen¬ 
sive  than  what  we  can  afford,  and  they  don’t 
seem  flexible  enough  to  support  our  In-house 
naming  conventions.  Is  there  any  open 
source  or  moderately  priced  software  that 


might  fit  our  needs? 

Try  Koha  (www.koha.org),  an  open  source  integrated 
library  system  released  in  early  2000  and  backed  by  an 
active  development  community.  Koha  runs  best  on 
Linux  platforms  behind  an  Apache  Web  server,  and  uses 
MySQL  for  database  storage.  Koha  is  installed  through 
a  straightforward  script,  included  in  the  distribution. 
Once  up  and  running,  you  will  have  to  prepare  your  list¬ 
ings  for  import  into  the  Koha  library  system.  Libraries 
typically  use  machine-readable  cataloging  record  for¬ 


mats  for  the  representation  and  communication  of  bibli¬ 
ographic  and  related  information  in  a  machine-readable 
form.  The  program  MarcEdit,  available  at  www.network- 
world.com,  DocFinder:  9327,  has  tools  for  getting  your 
listings  into  the  right  format  for  Koha  import.  Koha  also 
supports  tracking  bar  codes  and  can  be  used  with  sev¬ 
eral  different  scanners. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@changeat 
work.com. 
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Obsessed  with  music,  Outlook  list 


GEARHEAD 


This  week  we  take  a  break  from 
our  current  VoIP  obsession  and 
instead  focus  on  some  of  our  other 
obsessions. 

Music,  for  example.  We  have  a  large 
collection  of  digitized  music  and 
wed  like  to  preserve  the  context  of 
INSIDE  THE  an  album’s  context.  It’s  irritating  to  lis- 
NETWORK  ten  to  an  album  we’ve  ripped  where 
MACHINE  the  tracks  on  the  original  flowed 
from  one  to  the  next  and  the  player 
Mark  Gibbs  pauses  between  each  track  because 
they  were  ripped  into  separate  files. 

Of  course  you  could  rip  the  album  to  a  single  file  but  then 
you  would  not  be  able  to  easily  find  the  start  of  any  partic¬ 
ular  track.  In  short,  your  choices  are  imperfect  playback  or 
unmanageable  content. 

If  you,  like  us,  have  theorized  about  a  standard  to  fix  this, 
theorize  no  longer.  A  group  called  IDS  (www.id3.org)  is 
working  on  a  proposal  to  add  table  of  contents  and  chap¬ 
ter  data  to  any  file  that  uses  the  IDS  tag. 

The  IDS  tag  is  a  data  structure  that  is  commonly  used  in  a 
number  of  audio  file  formats,  including  MP3,  AAC,  WMA 
and  OggVorbis,and  stores  meta-information  such  as  artist, 
album  and  release  date.The  entire  IDS  tagging  scheme  is  a 
de  facto  standard  and  can  be  applied  to  any  file,  although 
its  use  outside  of  audio  is  rare. 

IDS  tags  are  prepended  as  the  file’s  header  and  the  reason 
they  don’t  interfere  with  the  original  contents  is  any  code 


that  parses  data  is  supposed  to  ignore  data  structures  it 
do^n’t  understand. 

IDS  Version  1  was  limited  in  the  amount  of  data  it  could 
store  (all  data  fields  were  of  a  fixed  length  and  totaled  128 
bytes),  but  Version  2  tags  are,  in  comparison,  huge  (as  large 
as  256M  bytes). Version  2  tags  consist  of  a  series  of  chunks 
of  data  called  frames  (in  common  with  MP3  data  struc¬ 
tures),  and  each  frame  can  be  as  much  as  16M  bytes  in  size. 

There  is  even  support  for 
synchronized  lyrics  and  audio 
encryption. 


There  are  no  restrictions  on  what  kind  of  data  can  be 
stored  in  IDS  Version  2  frames  so  anything  from  raw  text 
(Unicode  is  supported)  to  images  and  even  program  code 
can  be  embedded.There  is  even  support  for  synchronized 
lyrics  and  audio  encryption. 

Anyway,  what  got  us  excited  was  the  proposal  for  table  of 
contents  and  chapter  frames  (www.networkworld.com, 
DocFmder:  9340). In  this  scheme  chapter  frames  define  the 
start  and  end  of  a  chapter  in  the  content  as  well  as  an 
optional  title,  related  URLs  and  so  on.  Table  of  content 
frames  can  list  either“child”tables  of  content  (which  allows 
for  hierarchical  structures)  or  chapters.There  also  is  a  field 
to  indicate  whether  the  listed  chapters  are  ordered,  that  is, 
to  be  treated  as  sequential  and  continuous. 


Obsession  No.2  is  actually  a  question:  In  Outlook  2003  we 
had  a  distribution  list  that  was  imported  from  another  copy 
of  Outlook.The  problem  is  internal  data  architecture  issues 
mean  when  you  move  a  list  from  one  machine  to  another 
you  lose  the  individual  list  entries.  And  when  you  use  these 
corrupted  entries  you  get  the  terribly  useful  message  “An 
unexpected  error  has  occurred.”  You  have  to  delete  the 
offending  distribution  lists  and  recreate  them. 

But  if  you  use  the  same  name  for  the  new  distribution  list 
the  automatic  name-checking  feature  will  find  the  old  dis¬ 
tribution  list  details  from  some  internal  cache.  This  list  in 
fact  points  to  nothing  so  if  you  accept  the  entry  and  then 
try  to  send  your  message  you’ll  get  that  unexpected  error. 

To  get  around  this  you  have  to  go  to  the  address  book  to 
use  the  new  version  of  the  distribution  list.  After  that  it 
seems  the  old  version  of  the  list  is  purged  from  this  mys¬ 
terious  cache  and  automatic  name  completion  will  pro¬ 
vide  the  new  distribution  list.  Of  course,  there’s  a  catch. 
When  you  restart  Outlook  the  old  cache  appears  to  be 
reinstated. 

So,  our  question  is  how  do  you  either  purge  the  old 
cached  contents  used  by  the  automatic  name-completion 
feature  or  force  the  updated  cache  contents  to  be  flushed 
to  disk  to  be  used  by  automatic  name  completion  when 
Outlook  next  starts? 

Your  answer  on  a  virtual  postcard  to  gearhead@gibbs.  com 
and  carpe  ^ibbsblog  (www.networkworld.com/weblogs/ 
gibbsblog/)! 


GoolTools 


mode.  Its  not  quite  plug-and-play 
when  it  comes  to  PC  connectivity 
Grade:  ★★★★  (out  of  five) 


Quick  takes  on  high-tech  toys.  Keith  Shaw 


lire  scoop:  FireStore  FS4  DV  hard  drive,  by  Focus,  about  $750 
What  it  is:  This  is  a  FireWire  hard  drive  that  can  be  used  to  capture 
digital  video  (DV)  direct  from  a  video  camera  in  uncompressed 
video  formats,  including  Windows  AVI,  RawDV  and  QuickTime.  This  eliminates  the 
need  for  tapes,  and  subsequently  the  need  to  capture  video  from  tape  to  computer 
prior  to  editing.  Editors  can  connect  the  FS4  to  a  PC  via  a  second  Fire’Wire  port  on 
the  device  and  edit  directly  from  the  drive  —  there’s  no  need  to  transfer  the  video 
to  a  local  hard  drive  first.  It  comes  with  a  40G-  or  80G-b54e  hard  drive,  and  has  a 
rechargeable  lithium  ion  battery  that  lasts  roughly  90  minutes.  A  professional  version 
(about  $300  to  $500  more)  of  the  FireStore  FS4  includes  support  for  a  few  extra 
video  formats. 

Why  it’s  cool:  We  used  the  FireStore  FS4  to 
capture  highlights  of  the  recent  DemoFall  trade 
show.  In  the  past  this  meant  recording  about  30 
minutes  of  video  to  tape,  then  capturing  the 
same  30  minutes  from  tape  to  PC  (which  is  a 
real-time  process),  then  start  editing.  With  the 
FS-4,  we  just  plugged  it  into  our  PC’s  FireWire 
port  and  started  editing.  The  disk  access  even 
seemed  faster  than  what  we  get  with  our  local 
drive.  In  total,  it  cut  down  production  time  by  at 
least  an  hour  —  key  when  you’re  trying  to  turn 
something  around  quickly 
Some  caveats:  The  screen  on  the  FireStore  FS4 
can  be  hard  to  read  in  certain  lighting  conditions. 
And  the  myriad  of  menu  options  can  be  a  bit  con¬ 
fusing,  especially  when  switching  to  PC  hard-drive 


The  i7  Gerdless  Laser  Mouis 
comes  with  two  i 
batteHes. 


The  FireStore  FS4  saved  us 
tons  of  time  in  our  video 
shoots. 


The  scoop:  G7  Cordless  Laser 
Mouse,  by  Logitech,  about  $100 

What  it  is:  Designed  for  PC 
gamers  and  graphic  artists  who 
want  extremely  sensitive  mousing  abili¬ 
ties,  the  G7  Cordless  Laser  Mouse  offers 
three  settings  (400,800  or  2,000  dots  per  inch).The  laser 
capabilities  of  the  mouse  will  let  you  operate  it  on  more 
surfaces  (including  glass)  than  an  optical  mouse. 

The  G7  mouse  also  includes  a  base  station  (connected  to  a  PC  via  USB  cable)  that 
doubles  as  a  battery-charging  station.The  mouse  comes  with  two  removable  lithium 
ion  batteries  that  you  can  pop  right  into  the  underside  of  the  mou.se. 

Why  it’s  cool:  To  modify  an  old  cliche,  once  you  laser  mouse  you’ll  never  go  back 
to  optical.The  control  capabilities  and  the  ability  to  mouse  on  any  surface  make  this 
mouse  a  class  above  optical.  In  addition,  the  design  of  the  mouse  is  extremely  com¬ 
fortable,  cradling  my  hand  much  better  than  a  regular  mouse.  Being  able  to  switch 
resolution  settings  on  the  fly  (through  the  “T’ and  “-"buttons  on  the  mouse)  was  a  fun 
feature,  although  we  tended  to  stick  to  the  resolution  that  creates  little  mouse/hand 
movement.  Even  cooler  was  being  able  to  hot-swap  the  batteries  —  with  our  current 
laser  mouse,  we  always  forget  to  place  it  back  into  the  recharging  station  until  it’s 
on  fumes.  At  $100  this  is  a  high-end  mouse,  but  if  you  or  someone  you  know  does  a 
lot  of  mousing,  either  through  gaming  or  by  the  nature  of  their  job,  it’s  well  worth  the 
price  for  the  accuracy  and  comfort  that  the  G7  provides. 

Grade: 

Shaw  can  be  reached  at  kshaw@nww.com.  Multimedia  Editor  Jason  Meserve  con¬ 
tributed  to  this  article. 
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Are  you  Ready  for  your  next  Transformation? 

Find  strategic  insight  and  high-impact  solutions  to 
your  IT  challenges  with  7  dedicated  tracks: 
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REGISTER  NOW  for  special  $695  conference  rate  available  until  October  31. 
Call  800.605.5849.  Visit  www.idclTexpo.com  for  conference  details. 
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Two  industry  insiders  debate  whether  users  are  better  off  with  smart  or  dumb  networks. 


Are  smart  networks  worth  tho 
investmenti* 


Yes 

Rob  Bedford 

Cisco 


Ho 

Evan  Kaplan 

Aventail 


Investments  in  smart  networks  quickly  pay  dividends  across  the  company  because 
the  network  is  the  single  element  that  touches  all  the  components  of  IT  infrastruc¬ 
ture.  An  intelligent  network  makes  everything  it  touches  more  valuable. 

Investing  in  built-in  intelligent  network  features  rather  than  bolt-on  point  products 
generates  big  returns  on  two  fronts.  First, you  gain  valuable  capabilities  to  improve  your 
business  processes.  Second, you  reap  vast  economies  of  scale  through  network-wide  IT 
resource  sharing  and  virtualization. 

The  new  capabilities  derive  from  having  functions  embedded  in  the  network  that  can 
intercommunicate  and  trigger  desirable  actions.  Only  by  integrating  functions  into  a 
holistic  system  that  breaks  down  the  barriers  between  isolated  layers  of  the  IT  infra¬ 
structure  can  your  IT  system  function  in  a  way  that  is  greater  than  the  sum  of  its  parts. 

For  example,  application-layer  intelligence  enables  business-activity  monitoring  that 
provides  visibility  into  the  processing  of  all  transaction  elements.  A  network  with  built- 
in  application  fluency  can  reconstruct  a  business  object,  parse  its  individual  fields,  and 
then  log  it,  route  it,  transform  it,  or  enforce  business  or  security  policy 
This  ability  to  couple  applications  and  network  infrastructures  will  be  fundamental 
as  companies  move  to  serviceoriented  architectures.  For  instance,  a  credit-monitoring 
process  could  be  easily  integrated  with  a  purchase  order  processing  function  so  that 
changes  in  a  company’s  credit  rating  could  immediately  initiate  a  change  in  purchase 
order  approval  —  without  having  to  modify  existing  application  software. 

When  information-sharing,  security  application  and  policy  functions  can  be  embed¬ 
ded  in  the  network,  a  wide-ranging  ROl  follows.  Whereas  a  dollar  spent  on  a  server  buys 
only  server  resources,  a  dollar  invested  in  the  network  for  server  virtualization,  for  exam¬ 
ple,  buys  more  efficient  server  resources  plus  more  efficient  storage  resources,  lower 
application  integration  costs  and  lower  IT  operating  costs.  Server  virtualization  in  the 
network  enables  a  server  switch  to  decompose  integrated  servers  into  resource  pools  of 
CPU,  memory  I/O  and  storage.  These  resources  then  can  be  recomposed  into  virtual 
servers,  thus  allocating  the  right  resources  to  each  business  function. 

This  capability  is  dynamic;  a  server  failure  or  temperature  alarm  could  trigger  the  net¬ 
work  to  take  a  server  offline,  reload  a  standby  server  in  another  rack  with  the  correct 
image  from  the  SAN,  reconfigure  the  load  balancer  and  bring  this  replacement  virtual 
server  back  online. 

Single-resource  investments  benefit  a  single  aspect  of  the  IT  infra¬ 
structure,  while  a  network-based  investment  benefits  the  whole.  In¬ 
telligent  features  will  make  their  way  incrementally  into  corporate  net¬ 
works.  As  a  strategic  direction,  though,  companies  should  recognize 
that  their  network  is  their  most  flexible  and  extensible  IT  asset.  It  makes 
sense  to  hone  it  as  the  platform  that  will  have  the  most  profound  affect 
on  business  processes. 

Red  ford  is  vice  president  of  product  and  technology  marketing  at  Cisco. 

He  can  be  reached  at  rredford@cisco.com. 


Network  intelligence  as  promoted  by  the  large  network  vendors  is  the  Star  Wars 
defense  system  of  our  time  —  monolithic,  vulnerable  and  inherently  unreli¬ 
able.  Proponents  of  smart  networks  want  to  extend  their  hegemony  by  incor¬ 
porating  application  performance  and  security  into  a  unified,  super-intelligent  infra¬ 
structure.  They  want  to  integrate  everything  into  the  network  and  embed  security 
into  every  node.  In  theory  you  would  then  have  centralized  control  and  strong 
perimeter  defense. 

While  on  the  surface  this  sounds  rea^nable,  a  deeper  look  reveals  that  this  kind  of 
approach  presents  significant  risk  for  users  and  service  providers.  It  runs  counter  to  the 
clear  trends  in  network  communication,  such  as  today’s  radical  growth  in  broadband 
and  wireless  networks,  and  increased  virtualization  of  corporate  networks  through  use 
of  public  infrastructure.  As  a  result  of  these  trends,  much  network  traffic  is  accessing 
corporate  data  centers  from  public  networks  rather  than  the  private  LAN,  and  the 
boundaries  of  the  enterprise  are  expanding.  Companies  must  grow  by  embracing  these 
trends  and  fully  leveraging  public  infrastructure  and  the  power  of  the  Internet. 

Network  vendors  are  right  in  recognizing  and  trying  to  address  the  two  fundamental 
challenges  of  network  communications:  application  performance  and  security 
However,  they  are  wrong  in  believing  the  best  way  to  address  these  concerns  is  to  inte¬ 
grate  application  performance  and  security  into  the  underlying  network. 

The  alternative  is  to  avoid  building  increasing  intelligence  into  the  physical  network, 
which  1  call  the  connectivity  lane,  and  building  it  instead  into  a  higher-level  plane  I  call 
the  intelligence  plane. 

The  connectivity  plane  covers  end-to-end  network  connectivity  in  its  broadest  sense, 
leveraging  IPv4  and  eventually  IPv6.This  plane’s  characteristics  are  packet-level  perfor¬ 
mance  and  high  availability  It  is  inherently  insecure  but  incredibly  resilient.  The  con¬ 
nectivity  plane  should  be  kept  highly  controlled  and  standardized,  because  it  is  heavy 
to  manage  and  expensive  to  build  and  update.  It  should  also  be  kept  dumb,  with 
change  happening  slowly 

Conversely  the  intelligence  plane  is  application  centric  and  policy  driven,  and  is  an 
overlay  to  the  connectivity  plane.  The  intelligence  plane  is  where  you  build  relation¬ 
ships,  security  and  policy  because  it  is  flexible  and  cost  effective.This  plane  is  network 
independent,  multi-vendor  and  adaptive,  delivering  applications  and 
performance  across  a  variety  of  environments,  systems,  users  and 
devices.  The  intelligence  plane  allows  you  to  extend  the  enterprise 
boundary  using  readily  available  public  infrastructure.  Many  service 
and  product  vendors  offer  products  that  address  the  core  issues  of 
security  and  performance  on  the  intelligence  plane. 

Connectivity  vendors  should  focus  their  efforts  on  building  faster,  eas¬ 
ier  to  manage  and  more  reliable  networks.  Smart  networks  are  good  for 
vendors,  not  customers. 

Kaplan  is  CEO  of  Aventail.  He  can  be  reached  at  eDank@aventail.com. 


iiww.com 

Have  your  say 

What's  your  opinion?  Log  on  to 
NetworkWorld.com  and  let  us  know. 
Face-off  authors  Rob  Redford  and  Evan 
Kaplan  m\\  respond  to  your  comments. 
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IS  YOUR  DATA'S  VULNERABILITY  KEEPING  YOU  UP  AT  NIGHT? 

IF  IT  ISN'T  SECURED  INSIDE  THE  PERIMETER,  IT  SHOULD. 

If  your  data  could  talk,  you’d  get  an  earful.  It  would  tell  you  that  its  value  on  the  open  market  has  sky-rocketed.  And  a  data  breach 
inside  the  perimeter  might  be  just  around  the  corner.  If  it  happens,  it  could  cost  millions.  Not  to  mention  reputations.  That's  why 
there’s  EpiForce™  from  Apani  Networks™.  It’s  built  from  the  ground  up  to  secure  data  inside  the  perimeter. 

No  matter  what  platforms  you  use.  That’s  good  news  for  your  enterprise.  And  a  good  night’s  sleep  for  you. 


Apani 


To  learn  more  about  securing  Inside  the  network  perimeter,  get  a  free  copy  of  "The  Definitive  Guide  to  Security  Inside 
the  Perimeter"  from  realtimepubtishers.com,  sponsored  by  Apani  Networks.  Go  to  www.apani.com/nwguide 
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Managed  security 
service  providers 
prep  for  debate 

For  a  growing  number  of  customers,  the  best  solution  to 
the  problem  of  network  security  is  handing  it  off  to 
someone  else. 

That’s  why  managed  security  services  are  among  the 
fastest-growing  service  offerings  today  Customers  are 
embracing  them  because  the  services  free  them  from  many 
security  headaches,  while  at  the  same  time  reducing  the 
strain  on  staff  resources  and  investment  in  new  equipment 
and  software.  Service  providers  love  the  services  because 
they  offer  a  new  way  to  glean  revenue  and  profits  from  the 
enterprise  customers  that  are  normally  bashing  them  over 
the  heads  for  rate  cuts  on  voice  and  data  products. 

If  you’re  considering  outsourcing  security  to  a  service 
provider,  then  you  won’t  want  to  miss  the  special  session 
Network  World  will  be  hosting  at  the  ComNet  Summit  in 
Washington,  D.C.,  on  Nov.  30  (www.comnetexpo.com).  Our 
Managed  Security  Service  Provider  Showdown  will  bring 
together  four  leading  security  service  providers  in  a  presi¬ 
dential-style  debate  on  technology,  pricing,  support,  geo¬ 
graphic  reach  —  in  short,  all  the  key  elements  you’ll  need  to 
examine  in  choosing  a  managed  security  service  provider. 

I’ll  be  hosting  this  Showdown  along  with  Forrester  Re¬ 
search  Analyst  Paul  Stamp,  one  of  the  leading  experts  in  this 
marketplace.  Stamp  and  I  have  selected  companies  that  rep¬ 
resent  very  different  approaches  to  providing  managed  secu¬ 
rity  services  so  attendees  can  get  a  better  understanding  of 
the  range  of  solutions  available. 

We  initially  invited  MCI,  Symantec,  Electronic  Data  Systems 
(EDS)  and  Counterpane  Internet  Security  to  take  part  in  the 
debate.  MCI  and  Counterpane  quickly  signed  on  and  we’re 
awaiting  confirmation  from  EDS.  Symantec,  on  the  other 
hand,  turned  us  down  flat  with  no  clear  explanation  of  why  it 
won’t  stand  up  with  the  other  companies.  So  we  invited 
Internet  Security  Systems  to  take  Symantec’s  place  and  ISS 
grabbed  the  opportunity 

We’ll  ask  the  vendors  questions  about  their  offerings,  and 
then  we’ll  let  these  companies  ask  each  other  questions.The 
goal  is  to  quickly  drill  down  to  the  differences  between  com¬ 
panies  to  help  buyers  make  better-informed  decisions. 

By  hearing  how  these  company  executives  answer  ques¬ 
tions  about  the  security  problems  they  handle,  how  they 
price  and  deliver  services,  and  where  they’re  headed  for  the 
future,  you’ll  learn  which  company  and  philosophy  is  right 
for  you. 

.loin  us  at  this  Showdown  and  let  me  know  in  advance 
which  questions  you’d  like  us  to  ask  our  debaters. 

—  John  Gallant 
Editorial  director 
jgallant@nww.  com 


ODinkNis 


Keep  it  simple 

Regarding  “WMM  addresses  quality  of  service” 
(www.networkworld.com,  DocFinder:  9325):  Re¬ 
member  the  strengths  of  the  IP-stupid  network  vs. 
the  legacy  telco  circuit-switched  smart  network.  If 
your  application  has  latency  problems,  isn’t  it  bet¬ 
ter  to  rewrite  (fix)  your  application,  rather  than 
rewrite  (fix)  your  network? 

Seems  to  me  QoS  adds  a  lot  of  complexity.  The 
IP  revolution  is  founded  on  KISS  —  Keep  it  sim¬ 
ple,  stupid. 

Remember,  the  smart  telco  network  gave  us  128- 
parameter  modems,  and  we  had  to  wait  for  Hayes 
to  set  up  a  “standard  128  defaults”  for  modems. 
Let  us  not  go  back  there. 

Brandon  Fonts 
Senior  systems  engineer 
Puget  Sound  Regional  Council 
Seattle 

More  IT  truths 

Regarding  Mark  Gibbs’  BackSpin  column:  “The 
truth  about  IT”  (DocFinder.  9326):  I’m  the  technol¬ 
ogy  coordinator  for  a  K-12  school  district  (just  over 
1 , 100  students  and  120  stafO- 1  feel  there  are  a  cou¬ 
ple  of  truths  about  IT  that  got  left  out,  based  on 
what  I  see  in  my  own  little  world. 

Truth  No.  7:  Users  have  unrealistic  expectations 
of  IT  All  technology  is  expected  to  have  100% 
uptime,  run  at  blazing  speeds  and  do  what  the 
user  wants  it  to  do,  not  what  the  user  told  it  to  do. 
Going  along  with  these  unrealistic  expectations 
are  users  who  don’t  know  what  they  have  or  what 
it  does,  but  insist  on  needing  better  equipment  — 
even  though  they  don’t  use  their  current  equip¬ 
ment  to  its  potential. 

Truth  No.  8:  Everything  wrong  is  IT’s  fault.  Lights 


flickered?  IT’s  fault.  Program  had  unexpected 
results?  IT’s  fault.  Coffee  tastes  too  weak?  The  IT  guy 
must  have  done  something  to  that,  too. 

In  some  small  part,  I  disagree  with  Gibbs’  Truth 
No.  5  —  I  don’t  think  security  is  a  pipe  dream.  It’s 
just  that  the  more  secure  we  make  something,  the 
more  determined  someone  else  is  to  hack  it.  Of 
course,  you  can’t  forget  the  users  who  will  always 
figure  out  a  way  of  goofing  up  your  security  — 
although  usually  it’s  by  doing  something  with  unin¬ 
tended  results. 

Jason  Brabander 
Hutchinson,  Kan. 

One  of  Mark  Gibbs’ “truths  about  IT”  is  that  securi¬ 
ty  is  a  pipe  dream.  1  would  amend  that  to  say  perfect 
security  is  a  pipe  dream,  in  IT  as  well  as  other  areas 
of  life.  We  want  computers  to  be  perfect  while  we 
are  willing  to  accept  that  the  risk  of  being  killed  on 
the  freeway  is  very  real.  We  can  manage  and  reduce 
risk,  but  not  eliminate  it.  Security  itself  becomes  a 
problem  if  we  try  to  remove  all  risk  —  like  some 
people  try  to  do  with  air  travel  —  rather  than  man¬ 
age  and  reduce  it. 

Gerald  Edgar 
Renton,  Wash. 

Hallelujah!  Mark  Gibbs’  “The  truth  about  IT” 
states  what  I  have  said  for  years.  If  I  were  collect¬ 
ing  a  salary  and  working  only  30  hours  a  week,  it 
would  be  called  larceny.  But  if  I  work  50  hours  for 
that  same  salary,  I’m  a  “company  man!”  Being 
forced  to  go  the  extra  mile  is  nothing  more  than 
institutional  larceny. 

David  M.Babineau 
West  Boylston,  Mass. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Readers  respond 

Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  1030 
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USER  VIEW 
Chuck  Yoke 


The  Ten  Years  h&i  Blues  -  not! 


In  the  song  “Ten  Years  Ago,”  blues  singer  Buddy 
Guy  laments,  “Oh,  1  would  like  to  go  back  10 
years.”  The  thought  of  going  back  to  1995  is 
intriguing,  as  it  was  an  interesting  time  in  net¬ 
working. 

The  1995  networking  world  was  vastly  different 
than  the  one  I  support  today  Instead  of  variations 
of  Ethernet,  my  team  had  to  support  Ethernet, 
token-ring  and  bisynchronous  networks.  Our 
cabling  infrastructure  contained  ThickNet  and 
ThinNet  coax  cables,T3T3e  1  shielded  twisted-pair. 
Type  3  unshielded  twisted-pair  and  twinax 
cabling.  As  part  of  our  infrastructure  support  we 
installed  the  appropriate  connectors,  so  our  tool 
kits  contained  drills  for  ThickNet  vampire  taps, 
crimpers  for  RJ-45  connectors  and  channel  locks 
for  Type  1  connectors.  We  carried  various  punch- 
down  tools,  tone  generators  and  yellow  “banana 
probes”  to  support  the  phone  connections. 

In  1995,  we  migrated  our  WAN  from  bridge- 
based  56K  bit/sec  point-to-point  connections  to  a 
router-based  frame  relay  infrastructure.  IP  was  far 
from  ubiquitous  and  protocols  such  as  DECnet, 
LAX  SNA,  IPX  and  NetBEUI  had  to  be  supported. 
We  needed  to  understand  IP  subnets,  DECnet 
Level  1  and  2  routing,  IPX  SAP  update  parameters, 
LAT  timers,  and  SNA  LU  and  PU  addressing  to 


create  the  proper  router  configurations. 

In  1995  there  was  little  separation  between 
WAN,  LAN,  server  operating  systems  and  desktop 
support.  It  was  all  network  —  so  we  supported  it 
all.Windows  NT  was  making  headway  in  the  serv¬ 
er  world,  but  OS/2  LAN  Server  held  a  larger  mar¬ 
ket  share  and  Novell  was  the  acknowledged  king 
of  the  network  operating  system.  Desktops  had  to 
be  configured  to  connect  to  NetBEUI-based  NT 


Celebrating  10  years  of  NetworkWorld.  com. 
Log  on  and  tell  us  what  you  were  doing  a 
decade  ago.  DocFinden  9341. 


and  OS/2  servers,  IPX-based  Novell  servers,  SNA- 
based  AS/400s  and  IP-based  Internet  access.  We 
also  had  to  support  the  marketing  group  that  in¬ 
sisted  on  using  Macintoshes  running  AppleTalk 
over  LocalTalk.  And  there  was  the  gray-suit  techie 
wannabe  who  needed  support  for  an  application 
called  Mosaic  that  accessed  something  called  the 
World  Wide  Web.  We  knew  that  was  going  to  be  a 


waste  of  time. 

Plug  and  play  was  a  new  concept,  so  we  manu¬ 
ally  created  the  appropriate  config.sys  and 
autoexec.bat  files  to  load  the  correct  drivers  in 
the  right  order.  Many  of  the  desktops  had  multiple 
network  interface  cards  that  required  us  to  con¬ 
figure  dip  switches  to  prevent  memory  or  inter¬ 
rupt  conflicts.  We  also  supported  modem  banks 
for  dial-in  connections,  so  we  had  to  understand 
V32,  V32bis  and  V34  to  configure  the  various 
modem  scripts. 

Today  much  has  changed.  IP  and  Ethernet  have 
become  ubiquitous.  Microsoft  won  both  the  serv¬ 
er  and  desktop  wars.  And  the  World  Wide  Web 
dominates  Internet  networking. 

Vendors  install  all  my  cabling.  I  haven’t  seen  a 
dip  switch  or  modem  bank  in  years.  I  have  no  idea 
where  to  find  the  config.sys  and  autoexec.bat  files 
on  my  Windows  XP  laptop.The  only  banana  I  care 
about  is  in  my  lunch  bag,  and  my  memory  con¬ 
flicts  are  confined  to  misplaced  car  keys. 

Sorry  Buddy  you  may  want  to  go  back  10  years, 
but  1  think  I’ll  stay  right  here. 

Yoke  is  director  of  strategy  and  architecture  for 
a  global  travel  and  real  estate  corporation.  He 
can  be  reached  at  ckyoke@yahoo.com. 


TELECOM  CATALYST 

Daniel  Briere 


Where's  Walt  Disney  when  you  need  him? 


Unless  you  are  a  hard-core  Disney  buff  like 
me,  you  probably  don’t  know  much  about 
the  origins  of  Disney  World  and  the  whole 
philosophy  that  Walt  Disney  was  trying  to  bring  to 
urban  design.  Disney’s  original  Disneyland  had  a 
utilitarian  role  of  providing  a  place  where  people 
could  go  and  enjoy  themselves  when  visiting  his 
California  studio.  He  loved  the  idea  that  you  could 
take  a  physical  space  and  transform  it  into  some¬ 
thing  —  such  as  an  amusement  park  that  shut  out 
the  real  world  —  just  as  you  could  put  a  person  in 
a  darkened  room  and  show  a  movie  that  trans¬ 
ported  him  to  a  far-off  land. 

Disney  became  fascinated  with  the  idea  of 
building  “spaces”  and  making  people’s  lives  less 
chaotic  than  they  were.  He  loved  World  Fairs 
because  of  the  future  change  they  foretold.  He 
lobbied  to  be  a  part  of  this  by  getting  corporate 
sponsorships  to  show  his  vision.  The  Carousel  of 
Progress  ride  at  Disney  World  first  appeared  in  the 
1964  World  Fair,  where  it  was  the  GE-sponsored 
pavilion.  The  theme  song,  “There’s  a  Great  Big 
Beautiful  Tomorrovif  talked  about  how  technolo¬ 
gy  was  going  to  change  our  lives. 

But  it  was  not  just  about  technology  for  Disney 
—  it  was  about  reinventing  society  He  was  a  pas¬ 
sionate  urban  engineer,  and  his  first  big  foray  into 
urban  redesign  was  to  be  a  city  called  the  Experi¬ 
mental  Prototype  Community  of  Tomorrow 
(EPCOT).  EPCOT  would  be  a  perfect  city  with 
dependable  public  transportation,  underground 
utility  access  tunnels,  a  huge  soaring  civic  center 
covered  by  an  all-weather  dome  and  model  fac¬ 
tory  environments  that  would  be  concealed  in 


green  belts  of  grass  and  trees.  Everything  would 
be  readily  acce^ible  to  workers  housed  in  idyllic 
suburban  subdivisions  nearby 
He  was  willing  to  put  his  money  where  his  mind 
was.  Disney  was  actually  going  to  build  a  city  of 
the  future  from  the  ground  up.  He  purchased 
thousands  of  acres  in  central  Florida  for  an  “East 
Coast  Disneyland,”  Walt  Disney  World.  He  made  a 
film  showcasing  this  new  city  (www.network 
world.com,  DocFinder:  9324).  Plans,  models  — 
everything  was  prepped  and  ready  when  Disney 
died  in  late  1966.  EPCOT,  where  more  than  20,000 
people  would  live  in  a  perfect  city  of  tomorrow 
and  model  for  urban  change,  died  with  him. 

We  need  our  own  2005 
EPCOT  where  we  can 
reassert  our  technology 
leadership  and  vision. 

Lacking  Disney’s  passion,  Disneyland  East  be 
came  another  amusement  park. 

Fast  forward  to  2005  Korea.  Korea  is  building 
its  own  city  of  tomorrow.  New  Songdo  City, 
where  everything  is  similarly  designed  in  a 
utopian,  centrally  planned  fashion.  All  major 
information  systems  share  data,  trash  cans 
speak  RFID  and  the  baseline  for  communica¬ 
tions  is  a  high-definition  videophone.  More 
than  65,000  people  will  live  and  300,000  peo¬ 
ple  will  work  in  this  technological  and  social 
utopia  of  the  future,  dubbed  a  “ubiquitous  city” 


or  U-City  for  short.  Expected  to  be  complete  in 
2014,  it’s  probably  the  largest  urban  develop¬ 
ment  in  the  world,  and  the  largest  test  bed  for 
technology.  It  is  supported  by  the  government 
and  built  on  top  of  a  national  broadband  infra¬ 
structure  that  also  is  supported  by  the  govern¬ 
ment.  B.  J.  Fogg,  the  director  of  the  Persuasive 
Technology  Lab  at  Stanford  University,  says, 
“New  Songdo  sounds  like  it  will  be  one  big 
Petri  dish  for  understanding  how  people  want 
to  use  technology” 

You  have  to  give  Korea  credit  for  living  the 
vision.  It’s  doing  what  everyone  else  talks  about: 
pushing  the  edges  of  technology’s  impact  on  soci¬ 
ety  by  building  a  society  around  technology 
Imagine  having  an  arena  in  which  to  design,  test 
and  then  adopt  such  productivity  and  socially 
promoting  capabilities. 

A  lot  of  these  new-fangled  ideas  originate  in  the 
US.,  but  there’s  no  Petri  dish  for  us  to  exploit,  no 
regulation-free  zone  for  experimenting  on  the 
masses  of  society  We  need  our  own  2005  EPCOT 
where  we  can  reassert  our  technology  leadership 
and  vision.We  need  a  Walt  Disney. 

Instead,  we  have  a  government  busy  moving 
pieces  around  the  telecommunications  game 
board. Where  are  our  national  plans  for  an  EPCOT 
2014,  our  New  Songdo  City?  I  guess  they’re  on  the 
shelf,  next  to  our  national  alternative  energy  strat¬ 
egy  —  in  the  TBD  section. 

Briere  is  CEO  of  TeleChoice,  a  market  strategy 
consultancy  for  the  telecom  industry.  He  can  be 
reached  at  telecomcatalyst@telechoice.com. 


GOOD  Rf-SPONSl  UG-Berke1ey  When  a 

w,-;-  . .  mi  II I .  laptop  was  stolen  from 

the  graduate  department  that  contained  per¬ 
sonal  information  about  98,400  alumni,  Shelton 
Waggener,  director  of  central  computing, 
launched  an  informational  Web  sitei  now 
emulated  by  other  universities  responding 
to  data  breaches. 


POOR  RESPONSE  ’’f * 

The  Northern  California 
HMO  was  fined  $200,000  in  August  for  failure  to 
properly  investigate  and  report  a  mistake  that 
exposed  a  handful  of  patient  lab  records.  Mary 
Henderson,  vice  president  of  IT  compliance, 
was  not  able  to  determine  who  was  responsible. 


PO'O  H  R  E  S  P  0  N  8  E  CardSystems  • 

Mill . .  Visa  s  vice  president  of 

risk  management,  John  Shaughnessy,  opted 
to  pull  the  plug  on  payment  card  processor 
CardSystems  after  it  violated  card  industry  pay¬ 
ment  standards  set  ahead  of  time  to  prevent 
breaches  such  as  the  one  that  exposed  40  million 
cards  in  June. 


go  o  H  P t"g  •  S  i  University  Of  Connecticut  Following  llu; 

/ ''  June  20  discovery  of  a  rootkit  on  a  system 
housing  personal  information  on  72,000  employees,  students 
and  alumni,  U“Conn  CIO  Michael  Kerntke  oijoncd  his  data 
center  to  the  media  and  explained  to  them,  rn  plain  English,, 
the  level  of  risk  to  the  data  on  the  compromised  server 
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BY  DEBORAH  RADCLIFF 

The  week  he  was  promoted  from  acting  to  permanent  CIO  at  the  University  of 
Connecticut,  Michael  Kerntke  had  his  mettle  tested  by  the  June  20  discovery  of  a  root- 
kit  on  a  system  housing  the  names  and  Social  Security  numbers  of  72,000  employees, 
students  and  alumni. 

An  investigation  found  that  the  rootkit,  an  attacker  tool  for  compromising  computer 
^sterns  without  detection,  hadn’t  been  touched  since  it  was  installed  in  October  2003. 
That  made  it  highly  unlikely  personal  records  were  ever  copied  off  the  server.  Still, 
Kerntke  persuaded  senior  administration  to  err  on  the  side  of  caution  and  go  public 
with  the  breach. 

The  frenzy  had  finally  died  down  that  Friday  but  at  7  p.m.  as  he  neared  his  driveway  in 
his  Chevy  Tahoe,  he  got  another  call  from  his  public  relations  manager. 

A  CHANNEL  3  NEWS  CREW 
WAS  WAITING  FOR  HIM 
BACK  AT  THE  DATA  CENTER 
AND  NEEDED  HIM  TO 
SHOW  THEM  AROUND. 


“1  never  thought  when  I  took  this  job  that  I’d  be  on  TY’ 
^ys  Kerntke,  who  not  only  kept  his  job  despite  the 
breach,  but  also  earned  accolades  from  school  adminis¬ 
trators  for  his  ability  to  communicate  the  extent  of  the 
damage  to  a  non-technical  news  audience  and  to  be 
available  for  interviews  at  odd  hours. 

Facing  the  limelight  is  part  of  the  way  IT  executives’ 
jobs  are  getting  more  challenging  as  a  result  of  new 
rules  to  report  private  data  breaches.There’s  also  the 
other  work  involved  —  the  investigations,  repairs  and 
notifications  arising  from  data  breaches  that  expose  per¬ 
sonal  information.  In  all,  80  such  breaches  went  public 
between  Feb.  15  and  Sept.  29,  according  to  the  Privacy 
Rights  Clearinghouse  (see  www.networkworld.com, 
DocFinder:  8839). 

While  IT  executives  don’t  seem  to  be  losing  their  jobs 
over  the  rising  number  of  publicly  reported  breaches, 
their  companies  are  experiencing  severe  losses,  starting 
with  an  exodus  of  customers  and  customer  loyalty 
According  to  a  September  survey  of  10,000  adults  con¬ 
ducted  by  the  Fbnemon  Institute,  a  privacy  research 
organization,  19%  of  respondents  ended  their  relation¬ 
ships  with  companies  reporting  breaches,  and  58%  say 
they  have  lost  trust. 

Publicly  held  companies  also  suffer  a  5%  stock  drop 
in  the  wake  of  such  a  disclosure,  according  to  the  2003 
study  “The  Economic  Cost  of  Publicly  Announced  In¬ 
formation  Security  Breaches”  published  in  the  Journal  of 
Computer  Security,  knd  the  cost  of  informing  affected 
parties  also  is  expensive,  ranging  anywhere  from  $15  to 
$35  per  victim,  according  to  Jonathan  Penn,  principal 


analyst  for  identity  and  security  at  Forrester  Research. 

But  organizations  can  reduce  their  overall  losses  by 
reporting  breaches  in  a  timely  manner  and  offering 
whatever  help  they  can  to  the  affected  parties,  Penn 
says.  On  the  other  hand,  organizations  can  compound 
their  losses  by  covering  up  and  delaying  reporting,  such 
as  the  case  with  ChoicePoint,  whose  stock  dropped  by 
15%  after  fraud  in  its  system  exposed  145,000  credit 
identities  in  FebruaryAnd  health  maintenance  organiza¬ 
tion  Kaiser  Permanente  was  fined  $200,000  in  August  for 
a  three-month  delay  in  reporting  an  exposure  of  patient 
data  posted  on  a  publicly  accessible  Web  site  used  for 
help  desk  support. 

Start  with  standards 

The  best  response  plan  starts  with  documented  com¬ 
pliance  to  security  standards  mandated  by  a  particular 
industry  If  a  company  hasn’t  met  these  standards  and  a 
breach  occurs,  the  company  faces  regulatory  action. 

Failure  to  adhere  to  security  best  practices  also  could 
result  in  corporate  liability  in  the  advent  of  an  exposure, 
as  in  the  case  of  BJ’s  Wholesale  Club,  which  faces  $13 
million  in  outstanding  claims  by  credit  card-issuing 
banks  trying  to  retrieve  the  costs  of  fraudulent  purchases 
tracked  back  to  accounts  copied  out  of  BJ’s  systems. 
According  to  a  Federal  Trade  Commission  complaint, 
the  retailer  violated  common  security  practices,  includ¬ 
ing  failing  to  encrypt  data,  holding  data  it  shouldn’t  have 
and  failing  to  take  proper  measures  to  prevent  unautho¬ 
rized  access.  In  a  written  statement,  BJ’s  responded  that 
no  conclusive  evidence  of  a  breach  was  found. 


A  similar  violation  of  payment-card  industry  standards 
might  force  CardSystems  Solutions  out  of  business.  In 
June,  CardSystems  reported  that  identity  thieves  had 
hacked  into  a  database  containing  40  million  credit 
card  numbers. 

The  company  admitted  the  data  had  been  improperly 
kept.  As  a  result,  CardSystems  has  lost  two  of  its  three 
biggest  card  associations  — Visa  and  American  Express 
—  and  is  awaiting  a  verdict  from  MasterCard.  According 
to  Penn,Visa  and  American  Express  had  legal  reasons  to 
pull  the  plug  on  CardSystems.  If  they  hadn’t,  they  also 
could  be  held  liable,  he  says. 

“We  had  no  choice  but  to  drop  CardSystems  as  an 
approved  processorj’says  John  Shaughnessy,  senior  vice 
president  of  operations  and  risk  management  at  Visa. 
“They  were  in  clear  violation  of  our  pajmient-process- 
ing  standards.” 

Not  to  mention  the  CardSystems  blunder  also  cost  the 
card  associations  and  the  issuing  banks  millions  of  dol¬ 
lars  in  reparation. 

Determine  the  scope 

For  example, Visa  investigators  have  spent  numerous 
hours  uncovering  the  scope  of  the  damage  for  its 
issuing  banks  by  monitoring  for  and  tracking  fraudu¬ 
lent  transactions  back  to  the  CardSystems  origination 
point,  Shaughnessy  says. 

Shaughnessy  also  had  the  burden  of  supporting  an 
outside  FBI  investigation  into  the  criminal  activity  of  the 
hacker,  which  is  still  ongoing.  As  such,  he  was  required 
by  the  FBI  to  keep  the  breach  under  wraps  so  as  not  to 
scare  off  the  attacker.  But  he  lost  the  luxury  of  time 
when,  on  June  17,  the  story  broke  prematurely  in  the 
Wall  Street  Journal. 

“It’s  important  to  have  an  emergency  response  plan 
in  place  ahead  of  time,”  Shaughnessy  says.  “You  must 
be  prepared  to  track  down  who’s  impacted,  and 
already  have  in  place  who’s  responsible  to  do  what, 
because  when  something  like  this  happens,  you  don’t 
want  to  think  about  what  to  do  and  who  to  contact 
under  pressure.” 

In  another  case,  involving  a  stolen  laptop  at  the 
University  of  California  at  Berkeley  in  March  that  con¬ 
tained  the  unencrypted  records  on  98,400  alumni, 
the  IT  department  coordinated  the  investigation  with 
university  police.  But  because  the  computer  was 
being  used  to  aggregate  data  from  various  sources 
around  campus  to  analyze  graduation  rates,  the  prob¬ 
lem  was  in  reassembling  the  data  in  question,  which 
took  the  graduate  department  several  business  days, 
according  to  Shelton  Waggener,  director  of  central 
computing  at  Berkeley. 

“The  policy  challenge  is  substantial  here,  because  this 
machine  was  in  compliance  with  the  latest  patches  and 
security  updates.  It  wasn’t  hacked.  It  was  ripped  from  its 
mooring,”Waggener  says.“We  were  also  dealing  with  the 
functional  owners  of  the  laptop  who  were  requesting 
the  data,  and  trying  to  determine  new  policies  around 
data  storage  and  access  so  we  could  prevent  this  from 
happening  again.” 

Waggener  chose  to  investigate  first,  then  inform  his 
administration  and  begin  the  process  of  reporting.  But 
if  you’re  in  a  highly  regulated  industry,  the  impetus  is 
to  report  first,  investigate  second. 

“Laws  are  much  more  specific  that  you  report  imme- 
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diately  when  it  comes  to  exposure  of  patient  health 
information,”  says  Lynne  Randolph,  a  spokeswoman 
for  the  California  Department  of  Managed  Healthcare 
(DMHC).The  DMHC  fined  Kaiser  Permanente  in  part 
because  of  the  HMO’s  lag  in  reporting  the  security 
breach. 

From  the  start,  Kaiser  thought  it  was  doing  the  right 
thing  by  investigating  the  posting  of  patient  information 
before  reporting.  And  that  investigation  was  plagued 
from  the  start,  says  Mary  Henderson,  vice  president  of  IT 
compliance  at  Kaiser. The  exposed  data  was  pertinent 
only  to  the  Northern  California  regional  office,  which 
didn’t  involve  the  central  compliance  office  until  after  it 
conducted  its  own  investigation.  And  the  data  in  ques¬ 
tion  —  numbers  identifying  patients,  and  in  four  places 
real  lab  results  embedded  in  sample  troubleshooting 
forms  —  was  nowhere  to  be  found  online. 

“The  No.  1  concern  for  us  was  to  mitigate  immediate 
damage  to  our  customers,”  Henderson  says.“So  our  first 
task  was  to  sort  through  hundreds  of  pages  of  system 
documentation  to  see  if  there  was  any  identifying 
patient  data  in  the  sample  screen  shots  and  reports 
embedded  in  training  materials  we  use  to  help  trouble¬ 
shoot  report  help  desk  calls.” 

The  only  evidence  to  go  on  were  copies  of  the  non- 
compliant  training  pages  posted  on  two  mirror  sites  that 
linked  to  the  blog  of  a  former  employee  who  had  re¬ 
ported  the  violation  to  the  Office  of  Civil  Rights  in 
January  So  Kaiser  also  spent  time  contacting  the  host¬ 
ing  providers  of  the  mirror  sites  to  get  the  material 
taken  down. 

In  the  end,  Henderson’s  team  was  never  able  to  deter¬ 
mine  who  was  responsible  for  the  posted  data,  so  no 
jobs  were  lost  over  this.  But  the  lack  of  evidence,  includ¬ 
ing  the  timeline  of  the  exposure,  made  Kaiser  look  bad 
enough  for  regulators  to  levy  the  fine. 

Sound  the  alarm 

Timely  and  rigorous  notification  is  also  critical  in 
minimizing  your  losses,  says  Forrester’s  Penn,  who 
urges  compliance  managers  to  go  beyond  legal 
requirements  and  include  attempts  to  make  the 
potential  victim  whole,  such  as  offering  credit  moni¬ 
toring  when  called  for.  According  to  the  Ponemon 
survey,  52%  of  those  receiving  notifications  of  a  priva¬ 
cy  data  breach  thought  the  notice  was  difficult  to 
understand,  while  39%  felt  the  message  was  not  hon¬ 
est  and  believable. 

Notification  and  reparation  were  the  most  difficult 
parts  of  the  process,  Berkeley’s  Waggener  says. 

For  starters,  he  explains,  the  graduate  student  infor¬ 
mation  dated  to  1997,  so  it  was  hard  to  find  most  of 
the  affected  parties.  Ultimately  his  team  was  able  to 
e-mail  about  one-third  of  affected  alumni.  Then  the 
university  began  paper  mailings  and  set  up  a  Web  site 
and  a  24/7  call  center  to  reach  the  rest. 

For  the  first  two  weeks,  call  center  lines  lit  up  1,000 
times  a  day  Waggener  says.  Concerned  alumni  asked 
what  this  actually  meant  to  them,  how  the  data  was 
used  and  what  they  could  do  about  it.  Blogs  and 
e-mail  threads  referred  to  the  breach.  Much  of  the 
posts  were  full  of  misinformation,  making  clarity 
among  call  center  operators  even  more  important. 

“We  had  to  write  scripts  on  the  fly  and  update 
them  constantly  due  to  the  misinformation  floating 
around  out  there.  Not  to  mention,  the  criminal  inves- 


Plan  for  a  smooth  recovei^ 

Predefined  response  programs  should  be  implemented  before  a 
security  incident  occurs,  say  IT  executives  who  have  dealt  with  public 
breaches  and  exposures  of  identity  and  financial  data.  Some  regula¬ 
tions  mandate  a  predefined  response  plan,  such  as  Section  501 B  of 
the  Gramm-Leach  Bliley  Act. 

Basic  elements  of  any  response  plan  should  include: 

1.  Report  the  incident  to  regulators. 

2.  Investigate  the  scope  of  the  breach  and  determine  affected  parties. 

3.  When  criminal  activity  is  suspected,  do  a  forensics  backup  and  report  to  law  enforcement. 

4.  Coordinate  with  legal,  executive  and  public  relations  teams.  Brief  them  in  plain  English,  so 
they  can  understand  clearly  and  act  accordingly.  This  is  particularly  important  when  dealing 
with  the  media. 

5.  Inform  affected  parties.  Tell  them  what  their  risks  are  and  how  to  protect  themselves.  Offer 
to  monitor  their  credit  when  ID  theft  is  suspected. 

•  Directly  contact  those  you  can  locate  via  e-mail  and  U.S.  Postal  Service. 

•  Use  the  media  to  contact  those  you  can’t  reach  directly.  ' 

•  Set  up  a  24/7  call  center,  anticipate  questions  and  give  operators  scripts  and  escalation  pro¬ 
cedures,  updating  scripts  as  needed. 

•  Establish  a  Web  site  with  helpful  information,  keep  it  current  and  provide  toots  to  empower 
victims,  such  as  contact  information  for  adding  alerts  to  credit  reports.  Refresh  and  update 
site  as  new  information  comes  in. 

6.  Make  necessary  repairs  to  your  systems;  conduct  system  audits  and  use  the  experience  to 
reinforce  and  train  personnel  handling  sensitive  data. 

—  Deborah  Radcliff 


tigation  into  the  stolen  laptop  was  still  in  motion,” 
Waggener  explains. 

To  quickly  respond  to  the  call  traffic,  Waggener’s 
response  team  selected  an  outside  call  center,  which 
escalated  to  in-house  responders  when  needed.  This 
is  another  thing  he  wished  he  could  have  done  bet¬ 
ter.  Setting  up  the  call  center  during  the  emergency 
and  without  a  negotiated  contract  was  chaotic  and 
costly. 

So  another  lesson  learned  was  to  have  a  negotiated 
contract  in  place  with  a  call  center  for  emergencies 
like  this,  he  says. 

Improve  operations 


ence,  and  use  it  to  make  improvements.  Use  the  inci¬ 
dent  to  re-educate  and  enforce  data  safety  practices 
in  all  personnel,  advises  Kaiser’s  Henderson,  who  used 
the  experience  to  get  funding  for  Web  site  security 
audits  and  to  start  an  encryption  program  for  laptops. 

Since  its  breach,  the  University  of  Connecticut  has 
been  examining  ways  to  reduce  its  reliance  on  Social 
Security  numbers  for  student  identifiers.  It’s  also  been 
auditing  servers  that  contain  and  transmit  sensitive  in¬ 
formation,  and  implementing  more  stringent  network 
and  server  access  controls. 

“You’ll  never  have  a  risk-free  environment,  because 
there  will  always  the  human  element,”  Henderson 
says.“ 


UC-Berkeley’s  ID  Alert  Web  site 
outreach  (DocFinder:  9322)  also  is 
another  valuable  tool  Waggener 
plans  to  keep.  Already  he  says,  a  half 
a  dozen  other  universities  have 
requested  permission  to  use 
Berkeley’s  ID  Alert  site  for  their  own 
education. 

Which  is  the  final  point  IT  man¬ 
agers  make  about  recovering  from  a 
data  breach:  Learn  from  the  expert- 
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Quantifyii^  the  problem 

Check  the  Privacy  Rights  Clearinghouse's 
chronology  to  learn  what  businesses  have 
reported  data  breaches,  the  type  of  breach 
and  the  number  of  individuals  affected, 

DocRnder:  8839 


So  when  the  unforeseen  hap¬ 
pens,  act  responsibly.  Investigate. 
Inform  affected  parties  and  prop¬ 
erly  disclose  to  your  regulators. 
Then  use  it  as  a  learning  opportu¬ 
nity  to  enforce  better  practices 
and  security  standards.” 

Radcliff  is  a  freelance  writer  in 
Northern  California.  She  can  be 
reached  at  deb@radcliff.com. 
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Stors^e  options  abound  in 
the  SMB-based  NAS  market 

BY  JAMES  GASKIN,  NETWORK  WORLD  LAB  ALLIANCE 

The  market  for  network-attached  storage  devices  aimed  at  small  or  midsize 
businesses  suddenly  offers  some  real  choices  with  a  range  of  features.  No 
longer  are  these  devices  just  “boxes  of  disks”  with  little  differentiation. 
Companies  can  choose  units  for  size,  data  redundancy  innovative  back-up 
options,  a  do-it-all  network  unit  or  a  combination  of  these  features. 


We  recently  tested  four  devices  —  Anthology  Solutions’ 
Yellow  Machine  (the  all-in-one  unit),  Infrant  Technologies 
ReadyNAS  600,  Iomega’s  200d  with  REV  drive  and  Netgear’s 
Storage  Central  SC  101.  Newcomer  Infrant  delivered  a  great 
product  that  performs  well  and  provides  a  complete  man¬ 
agement  utility  and  wins  a  Clear  Choice  Award. 

infrant  ReadyNAS  600 

Infrant  has  a  low  public  profile,  but  its  ReadyNAS  600 
box  greatly  impressed  us.  Offering  several  RAID  options,  the 
ReadyNAS  forgoes  the  sleek  and  polished  look  of  Buffalo 
Technologies’  TeraStation  (www.networkworld.com,  Doc- 
Fmden  9323)  for  a  business-like  squat  black  box  with  a  fan 
grill  above  the  hard  drive  LEDs. 

The  ReadyNAS  acts  like  an  older-model  NAS  and  works 
quite  well  when  just  plugged  into  the  wall  and  connected 
to  the  network.  The  default  settings  give  everyone  access 
under  standard  Windows  networking  rules  (\\ReadyNAS\ 
Backup  and  \Media  are  preconfigured)  .The  four  232G-byte 
drives  in  our  test  unit  (see  How  we  did  it,  DocFinder:  9325) 
were  arranged  as  RAID-5,  which  left  about  650G  bytes  of 
free  space  (subtracting  the  RAID  overhead  and  space  set 


It  may  look  like  a  plain  black  box,  but  Intrant’s  ReadyNAS  600 
impressed  us  with  its  complete  management  utility. 


aside  for  folder  Snapshots). 

During  the  installation,  the  device  downloaded  a  firm¬ 
ware  update,  installed  it  automatically  and  returned  to  the 
same  browser  screen  administration  page.  This  was  the 
smoothest  upgrade  of  the  devices  we  tested.  The  system 
even  sent  us  an  e-mail  stating  that  the  newly  upgraded  box 
needed  a  reboot. 

Security  settings  will  cover  small,  medium  and  large  net¬ 
work  customers.  For  small  groups, share-level  security,  with 
or  without  passwords,  is  recommended.  Midsize  groups 
can  use  individual  user  passwords  per  share,  or  group 
accounts.  If  you  have  a  Windows  domain  controller  or 
Active  Directory,  the  ReadyNAS 
relies  on  those  services  for  user 
authentication. 

The  management  utility  FrontView, 
offers  a  setup  Wizard  and  advanced 
configuration  settings.  The  utility  is  a 
standard  left-menu,  tabbed-page-on- 
the-right  layout,  but  at  least  Infrant 
didn't  get  cutesy  with  graphics.  Pages 
have  clear  markings,  and  its  clean 
presentation  didn’t  attract  attention 
to  itself  and  distract  us, 

Genie  Backup  Manager  Version  5.0 
shipped  with  our  test  unit,  but  Version 
6.0  now  ships.  It  worked  quickly  and 
reliably 

A  journaling  file  system  (the  em¬ 
bedded  Linux-based  operating  sys¬ 
tem  distribution  isn’t  revealed)  in¬ 
cludes  disk-write  cache  by  default. 

The  Gigabit  Ethernet  port  supports 
Jumbo  Frames,  which  is  handy  if 
other  devices  also  support  this  proto- 
col.You  can  optimize  performance 
for  i^ple  OS  X  clients,  but  that  will 
lock  out  Windows  clients.  Because  Apple-only  shops  don’t 
have  many  cost-effective  NAS  options,  the  ReadyNAS  may 
make  some  inroads  there. 

E-mail  alerts  can  be  sent  to  up  to  three  addresses,  with  sys¬ 
tem  events  such  as  disk  failure,  quota  violation,  low  disk 


space  and  even  improper  shutdown.  ReadyNAS  includes 
step-by-step  instructions  on  how  to  perform  a  file  system 
check  in  the  e-mail  sent  after  an  improper  shutdown. 

Logs  (system  status  and  health)  contained  a  nice  bal¬ 
ance  of  useful  information  without  overload.  One  click 
e-mails  a  log  page,  and  the  system  sends  an  exact  HTML 
copy  in  the  e-mail.  The  administrative  browser  utility  also 
shows  green, yellow  and  red  lights  in  the  bottom  status  line 
for  the  volume,  individual  disks,  fan,  power,  temperatures 
and  status  of  any  attached  UPS  devices,  giving  users  a  quick 
glance  of  the  system  status. 

To  replace  hard  drives  you  have  to  take  the  case  apart, 
and  drives  are  not  hot  swappable.  RAID  0, 1  and  5  are  sup¬ 
ported,  and  you  can  vary  the  file  system  access  list  by  net¬ 
work  share.  Common  Internet  File  System/Server  Message 
Block  for  Windows  starts  by  default,  AppleTalk  File  Pro¬ 
tocol,  Network  File  System  Version  2  and  3,  HTTRSecure- 
HTTP  and  anonymous  FTP  can  be  included.  Also  sup¬ 
ported  is  Rsync,  a  back-up  protocol  used  by  Linux  and 
Unix.  Streaming  from  the  media  shared  folder  supports  net¬ 
worked  DVD  and  media  players,  with  options  such  as  show¬ 
ing  a  slide  show  or  setting  the  pixel  rate  (480i/480p,  720p  or 
1080i)  for  the  targeted  display 

The  ReadyNAS  has  a  solid  block  of  features  with  a  com¬ 
plete  and  no-nonsense  management  utility  But  the  device 
also  is  fun  for  streaming  music  and  watching  the  various 
disk  LEDs  dance  along  as  the  stored  music  files  unwind 
across  the  striped  disk  array 

Yellow  Machine  P400T 

Those  who  love  putting  everything  in  one  basket  will 
adore  the  Yellow  Machine,  from  Anthology  Solutions.  This 
taxicab  yellow  NAS  box  also  adds  router  and  firewall  fea¬ 
tures  to  its  resume,  and  it  does  every¬ 
thing  fairly  well. 

You  may  blanche  at  the  idea  of 
making  your  file  server  your  router/ 
firewall, but  it  has  been  done  before 
by  Tritton  (DocFinder:  9324)  and 
lOGear  Boss,  and  can  be  handy  for 
certain  situations.  Anthology  updat¬ 
ed  this  idea,  and  the  Yellow  Machine 
shoebox-sized  unit  comes  stuffed 
with  four  hard  disks  (up  to  2T  bytes 
of  total  storage).  Eight  LAN  ports  in 
the  back  make  this  a  router/hub,  the 
security  features  provide  a  firewall, 
and  the  WAN  port  connects  to  your 
broadband  modem. 

Befitting  a  box  that  wants  to  be  the 
center  of  your  network,  installation 
requires  plugging  a  PC  directly  into 
the  Yellow  Machine.  A  storage-only 
mode  turns  off  the  router/firewall 
features,  but  the  eight  LAN  ports  will 
still  work.  Turning  on  the  router/fire¬ 
wall  takes  no  more  effort  than  any 
other  small-business  router,  and  it 
connected  quickly  to  ourYahoo-SBC  DSL  modem,  provid¬ 
ing  Internet  access  within  minutes. 

Anthology  says  the  Yellow  Machine  has  a  double  firewall, 
but  that  is  really  a  proxy  server  for  maximum  control  over 

See  Storage,  page 


f.; 

u 

ill 


if  \r 

r  1' 


I  JV/lACHiKie 


ri  : 


I 

£ 


The  Yellow  Machine  provides  router  and 
firewall  features  in  an  all-in-one  setup. 
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on  the  IT  byte  appliance 
is  $1,300,  and  pricing  for 
the  1.6T  byte  machine  is 

$2,000. 

”3206  bytes,  $1 ,400;  480G 
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drives;  hard  drives  sold 
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flexible;  supports  every 
client  around.  Lose 
some  ease  of  use  with 
the  increased  flexibility. 

Complete  network  in 
one  yellow  box;  server- 
based  backup. 

Easy  Windows  network 
integration,  REV  drive 
for  backup. 

1 

Small,  silent,  new 
technology. 

Cons 

Not  sexy,  just  solid. 

Single  point  of  failure 
for  entire  network. 

Highest  cost  per 
gigabyte  of  all  tested 
units  (but  price  includes 
REV  drive  removable 
storage  backup  feature.) 

Client  installation 
problems;  advantages 
don't  fit  target  market. 

Score 
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data  flowing  through  the  box.  System  security  choices  are 
NAS  only,  router,  firewall  and  proxy.  In  NAS  mode,  the  sys¬ 
tem  follows  standard  Windows  networking  security  set¬ 
tings.  Router  mode  offers  no  security  beyond  standard 
network  address  translation,  similar  to  other  low-end 
routers.  Firewall  mode  adds  a  basic  stateful  packet  in¬ 
spection  feature.  Proxy  mode  tracks  and  stops  a  wide 
variety  of  incoming  and  outgoing  traffic,  including  Web 
access  to  unregistered  users.lt  also  records  all  e-mail  traf¬ 
fic  and  blocks  Web  mail  access.  Individual  PC  profiles 
can  be  modified  to  allow  such  traffic,  and  port  forward¬ 
ing  supports  external  system  access  or  online  games  (if 
used  in  a  home  environment). 

RAID  5  is  the  default,  although  RAID  0  and  1  are  sup¬ 
ported.  RAID  support  cuts  the  available  disk  space  down 
from  IT  byte  to  680G  bytes,  but  using  four  500G-byte  disks 
will  boost  the  capacity  to  2T  bytes  (for  usable  space  of 
about  1.5T  bytes) 

We  would  have  preferred  to  see  a  Gigabit  Ethernet  port 
on  the  box,  but  we  were  OK  with  the  eight  lO/lOOM  bit/sec 
LAN  ports  (and  the  WAN  port).  The  Yellow  Machine 
Manager  administration  utility  worked  with  Firefox  (but  just 
barely)  and  Internet  Explorer  6.0  or  above  is  supported. 

Cleverly  the  Yellow  Machine  offers  client  backups  from 
the  NAS.  To  do  this,  we  created  a  user  and  back-up  folder, 
and  told  the  device  which  shared  client  folders  to  back  up 
and  set  a  schedule.  No  client  software  was  supported,  but 
we  had  to  go  to  the  Yellow  Machine’s  file  system  for  file 
restoration,  the  flip  side  of  having  no  client  software. 

Configuring  a  Yellow  Machine  for  a  remote  office  or 
portable  LAN  hub  would  leverage  the  all-in-one  nature. 
One  unit  to  configure  for  file  storage,  network  access  and 
security  makes  sense  for  project  teams  traveling  to  another 
site, for  example.  Just  plop  the  box  in  a  room,connect  some 
cables  to  laptops  and  you  have  an  instant  network. 

Iomega  200d 

One  of  the  leading  storage  vendors,  Iomega  makes  NAS 
units  that  range  across  the  SMB  landscape.  The  makers  of 
the  Bernoulli  Box  and  Zip  disk  have  leveraged  its  REV  high- 
capacity  small  removable  hard  disk  cartridges  in  an  inter¬ 
esting  way 

The  200d  we  tested  included  a  REV  drive  and  cartridge.  A 
REV  cartridge  holds  35G  bytes  native, 
and  up  to  90G  bytes  of  compressed 
data,  and  is  small  enough  to  lose  in  a 
briefcase.  Iomega  now  positions  REV 
disks  against  tape  drives  for  large 
back-up  jobs,  because  the  REV  car¬ 
tridges  cost  the  same  or  less  than 
many  tape  cartridges,  yet  read  and 
write  data  much  faster.  Data  can  be 
read  or  written  between  NAS  disks 
and  the  REV  drive  anytime,  in  any 
direction. 

Unlike  the  customized  Unux  OS,  the 
200d  runs  on  Windows  Storage  Server 
2003  software.  Iomega  says  the  Web- 
based  administration  pages  work 
well  until  they  dump  you  into  Windows  through  a  Remote 
Terminal  connection,  and  the  management  interface 

Sp  changes  completely  Users  can  be  read  from  domain  con- 
hollers  or  Active  Directory  a  nice  inducement  for  Windows 
shops  to  go  with  Iomega.  Windows  brings  with  it  the 
Shadow  Copies  feature  for  unit  storage  backup.  Windows, 
Macintosh,  Linux/Unix  and  Novell  clients  are  supported. 

!  ne  2(X)d’s  case  is  quiet  enough  for  office  use  and  a  door 


hides  the  two  removable  hard  disks  (not  hot  swappable) 
and  a  REV  drive.  Four  USB  2.0  ports  that  can  add  extra  REV 
drives  and  a  print  server  finish  the  package.  The  box  also 
can  send  status  and  alert  e-mails. 

Our  unit  had  three  removable  disk  slots  with  two  hard 
disks  (for  320G-bytes  total)  in  a  RAID  1  configuration  (mir- 
rored).The  third  slot  held  the  REV  drive. 

Backup  is  covered  through  bun¬ 
dled  software  from  Computer  Asso¬ 
ciates  (BrightStore  ARCserve)  as  well 
as  Iomega’s  Automatic  Backup  Pro 
application.  We  used  Automatic 
Backup  Pro  to  write  out  files  after 
each  change,  or  scheduled  clients  to 
a  schedule.  In  a  market  where  some 
vendors  forget  about  backup,  this  was 
a  nice  touch. 

The  Windows  operating  system  in¬ 
cludes  File  and  Print  Services  for  Net¬ 
Ware  (FPNW).  Because  Microsoft 
and  Iomega  don’t  include  their  own 
Novell-like  client  for  access,  they 
force  you  to  violate  the  license  on 
real  Novell  client  software  to  use  FPNW 
Business-ready  and  solid,  the  200d  offers  removable  data 
cartridges  for  offsite  data  storage,  something  new  in  this 
market. Yet  the  price  tag  puts  it  at  the  high  end  in  terms  of 
dollars  per  gigabyte.  Companies  with  Windows  servers 
might  pay  the  price  for  easy  integration  and  the  REV  car¬ 
tridge  backup.  Before  rejecting  this  model,  however,  price 
tape  drives  with  35G  bytes  (or  more)  of  storage  capacity  to 


see  if  the  device  is  more  easily  justified. 

Storage  Central  SGI  01 

We  were  frustrated  by  the  Netgear  Storage  Central  SClOl, 
from  Netgear  by  way  of  Zetera’s  block-based  storage-area 
network  (SAN)  technology  that  gets  the  price  under  most 
NAS  boxes.  Although  the  hardware  looks  great  and  works 
well  when  finally  installed,  the  square  SAN  peg  pounded 
into  the  round  hole  of  the  home  and  small-business  market 
pushes  technology  into  a  market  that  doesn't  need  it. 

The  unit  comes  without  hard  drives,  turning  this  into  a  do- 
it-yourself  project  from  the  start  (our  unit  came  with  two 
120G-byte  hard  drives  already  installed).  Second,  only  Win¬ 
dows  XP  (with  Service  P&ck  2)  or  Win  2000  (with  Service 
Pack  4)  systems  can  play  because  SAN  drivers  must  be 
loaded  onto  each  client  PC  for  it  to  interact  with  the  SClOl . 
The  management  interaction  occurs  through  the  client 
software,  because  there’s  no  browser-based  administration 
utility  Users  must  work  with  disk  drives  identified  by  their  IP 
address,  although  renaming  the  drives  isn’t  hard  once  you 
get  into  the  advanced  configuration  options.The  unit  is  not 
visible  in  Windows  networking  utilities  such  as  My  Network 
Places,  as  well  as  Linux  or  Macintosh  systems.  Finally  limited 
ability  to  manage  the  drives  created  for  each  user  com¬ 
pounds  the  concern  of  seeing  what  appears  to  be  conflict¬ 
ing  drive  information  in  different  administration  screens. 

But  the  unit  looks  great.  Smaller  than  a  toaster,  the  SClOl 
has  an  aluminum  top  with  a  fin  design  that  doubles  as  a 
heat  radiator  for  the  two  drives.Three  LEDs  (power,  network 
and  disk  activity)  and  a  large  screw  that  accesses  the  case 
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Iomega's  200d  offers  removable  cartridges 
for  offsite  data  storage. 


“Canobeam  sets  up 
V  at  a  moments  notice 

'■■’V  ■  .  ,■£.  -  ,  . . 

for  connectivity  on  the  fly. 

Bob  Shafto,  Senior  Comm,unications  Manager 
’  International  Speedway  Corporation 


AutoTracking  Built-in  to  All  Models 
GigE  Speed  and  Affordability 
Connects  With  More  Users. 


^Canobeam  stayed  g 
on  thl^irLthroughout 

the  {Florida)  storms.” 

Tom  Bennett.  Technical  Co-Principal, 

■  Omnispring 


“Canobeam  is  doing 
exactly  what  they  said  it 
would  on  an  optimal  level. 

John  Kratochvil,  Director  of  IT 
I  Edmonton  Economic  Development  Corporation 


►  Data  speeds  from  ►  Data  speeds  from  ►  Data  speed  at  1.25Gbps 
25IV1BPS  TO  156Mbps  25Mbps  to  156Mbps  for  Gigabit  Ethernet 

►  Data  transmission  ►  Data  transmission  ►  Data  transmission 
FROM  20m  to  500m  from  100m  to  2km  from  100m  to  1000m 


More  and  more  users  are  discovering  the  benefits  of 
Canobeam  FSO  wireless  transmission  for  primary  or 
redundant  applications.  They  include  a  broad  base  of 
users  from  commercial  Internet  providers  maintaining 
the  integrity  of  their  networks,  to  office  campuses 
where  installing  fiber  between  buildings  is  cost- 

Find  out  more  at  canobeam.com 


prohibitive,  to  race  tracks  where  fast  data  access 
needs  can’t  be  met  with  traditional  fiber  installations. 
In  those  applications  and  many  more,  Canobeam 
DT-100  Series  units  feature  the  speed,  dependability 
and  AutoTracking  requirements  that  provide  the 
perfect  solution  for  more  and  more  users. 

Canon  KNOW  HOW® 


1-800-321-4388  (Canada:  905-795-2012) 


02005  Canon  U.S.A.,  Inc.  Canon  and  Canon  Know  How  are  registered  trademarks  of  Canon  Inc.  in  the  United  States 
and  mav  also  be  registered  trademarks  or  trademarks  in  other  countries. 
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adorn  the  front  of  the  box. 

Intolerant  of  most  personal  fire¬ 
walls,  the  client  software  uses  spe¬ 
cialized  SAN  drivers  to  communi¬ 
cate  with  the  SC  101.  During  client 
installation,  it  took  many  steps  to 


establish  communications,  but  it 
did  map  a  logical  drive  letter  to 
the  SClOl  unit.  Netgear  makes  a 
big  deal  about  this  method  of 
drive  mapping,  but  every  other 
NAS  we’ve  tried  works  fine  with 
the  “My  Network  Places  >  Tools  > 
Map  Network  Drive”  option  that 
provides  essentially  the  same 


results. 

Only  two  of  our  three  test  PCs 
could  successfully  run  the  Netgear 
client  software.  The  primary  test 
PC,  an  Advanced  Micro  Devices- 
based  unit  with  734M  bytes  of 
RAM,  could  run  the  client  software 
but  couldn’t  connect  to  the  SCIOI. 
We  failed  to  create  a  new  drive 


share  with  this  PC,  but  the  drive 
name  would  appear  on  the  SC  101 
“available  drives"  list  even  after  the 
failure  messages.  Unfortunately  we 
could  never  attach  the  drive  and 
use  the  storage  unit  with  our  first 
PC.  The  other  two  PCs  (an  XP  Pro¬ 
fessional  desktop,  and  a  Ftentium 
III  laptop  running  Win  2000  and 


i^i^orld  Class  Communications 
Anywhere  in  the  World™ 


i  i  CapRfxk 


Satellite  communications  ruggedized  for 
remote  locations  and  harsh  environments 

Secure  Corporate  Networking 
Digital  Telephony 
Broadband  Internet 
Real-Time  Video 

For  more  information  call  I  -888-482-0289. 


connected  wirelessly),  could  both 
attach  drives  and  properly  config¬ 
ure  the  unit. 

Client  PCs  carve  some  of  the 
available  disk  space  into  a  drive 
that  can  be  made  private  or  pub¬ 
lic,  password  protected  or  not,  and 
mirrored  or  not.  If  the  drive  is  pub¬ 
lic,  other  users  can  attach  to  that 
drive,  and  it  effectively  becomes  a 
local  hard  disk.  The  drive  letter 
assigned  by  the  installation  pro¬ 
cess  is  the  next  available  letter  on 
the  PC.  Detaching  an  assigned 
drive  on  the  SCI 01  deletes  the 
space  and  contents  after  warn¬ 
ings.  Drive  spaces  not  created 


Installation  issues  plagued  the 

Netgear  SCIOI. 

completely  by  our  third  PC  were 
immune  to  attempts  to  manage 
directly  and  delete,  making  it 
appear  as  if  the  allocated  space 
was  unreachable,  when  it  was 
available. 

Once  installed  properly,  the 
SCIOI  worked  well.  The  advan¬ 
tages  of  SAN  technology  don’t 
appear  with  a  single  storage  unit, 
however.  For  high-end  home 
users,  video  streams  well  from  the 
unit,  but  not  noticeably  better 
than  from  other  units  we  tested. 
But  the  small  unit  is  silent,  and 
silence  alone  should  be  enough 
for  audiophiles  to  make  this  their 
storage  choice.  Putting  two  500G- 
byte  drives  in  this  case  creates  a 
tiny  terabyte  of  silent  storage. 

For  a  midsize  or  larger  network, 
the  value  of  the  IP-driven,  switch¬ 
less  SAN  technology  can  be  real¬ 
ized.  Mirroring  drives  between 
two  separate  physical  devices  is 
no  problem.  Mirror  them  through 
a  WAN  link  to  another  location  is 
possible,  creating  a  valuable  data 
redundancy  feature.  Netgear  has  a 
nice  line  of  network  equipment 
for  midsize  companies,  and  the 
technology  of  the  Storage  Central 
device  will  make  a  bigger  splash 
in  that  market  than  in  a  home  or 
small  office  setting. 

Gaskin  can  be  reached  at 
readers@gaskin.  com. 
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OptiSwitch  9000  IP/MPLS  +  eWDM  +  Cross  Connect 


Why  MRV?  MRV  provides  Innovative  Service  Aware  Networking  Technologies  for  carriers  and  enterprises. 
MRV’s  comprehensive  solutions  comprise  of  IP/MPLSA/PLS  switching  and  routing  intelligence,  combined  with 
WDM,  Optical  transport.  Wireless,  and  Cross  Connect  services.  MRV’s  networking  solutions  are  managed  by 
MegaVision®  Pro™  a  multhvendor,  end-to-end  advanced  NMS,  and  InReach®  the  most  secure,  FIPS  140-2, 
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Service  Aware  Networking  Technologies™ 

Please  visit  us  at 

www.mrv.com/nww  or  call  us  at  1-800-338-5316 


56  •  www.networkworld.com  •  10.24.05 


E-MAIL  NEWSLEHER  SHOWCASE:  WIDE-AREA  NETWORKING 

WAN  optimization  heips  speed  up  data  replication 


BY  STEVE  TAYLOR  AND 
JIM  METZLER 

CitiStreet  saved  money  and  com¬ 
plied  with  regulatory  require¬ 
ments  with  WAN  optimizations. 


CitiStreet  is  one  of  the  largest 
global  benefits  delivery  firms  in 
the  US.  It  serves  more  than  10  mil¬ 
lion  participants  and  administers 
more  than  $200  billion  of  assets. 


CitiStreet  administers  the  records 
of  9  million-plus  subscribers. 

CitiStreet’s  CIO  Barry  Strasnick 
says  to  ensure  the  highest  levels  of 
availability  for  the  company’s 


clients,  CitiStreet  replicates  6G 
bytes  of  data  daily  This  data  must 
be  encrypted  before  it  can  transit 
the  WAN. 

The  problem  CitiStreet  faced 


How  many  tools  do  you  use  to 
Certify,  Identify,  Configure  &  Document 
your  Ethernet  network? 

(That’s  too  many!) 


Introducing  Validator-NT 

The  AINn-One  Network  Management  Tool 

CERTIFY  individual  Ethernet  cable  runs  up  to 
1  Gigabit  Speed  per  IEEE802.3  specifications. 

Test  for  TIA568  Interconnect  problems.  Determine 
fault  locations,  cable  length  and  delay  or  noise 
conditions.  Produce  and  print  cable  test  schedules 
and  cable  test  results.  Qualify  lines  for  VoIP  usage. 

IDENTIFY  active  components  of  your  network  on 
the  other  end  of  the  cable.  Identify  all  types  of  equipment 
and  port  service  discovery  with  advertised  speed  ratings 
and  DHCP  negotiation.  Access  IP  addresses,  ping  equipment 
and  flash  hubs/switches  for  positive  port  location. 

CONFIGURE  links  between  nodes  at  Gigabit  speed. 

Check  IP  addresses  on  netmask.  Gateway/routers  and  domain 
name  servers.  Confirm  links  between  equipment  for  changes 
or  upgrades. 

DOCUMENT  the  network  with  the  included  powerful 
Plan-Um’”  software.  Create  layouts  of  offices/premises  or  Import 
existing  Visio/AutoCAD  drawings.  Show 
cables  and  equipment  they  connect  to  in 
physical  locations.  Print  out  layouts  and 
corresponding  Cable  Test  Schedules.  The  Network 
Tool  section  of  Plan-Um~  allows  you  to  create  a  complete 
topology  layout  of  the  network  for  on-site  reference,  showing 
connections,  equipment  and  cable  pathways.  You  can  add  notes  to  each 
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Everything  you  need  to  Test,  Trace  and  Tune  your  Ethernet  Network. 


Test-Um  Inc. 

The  tntcMgwH  TWst  Solutions  Company 
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USA 


805-383*1500  *  FAX  805-383-1595  *  www.test-um.com 


was  multi-faceted.  Part  of  the  prob¬ 
lem  was  CitiStreet’s  daily  data 
replication,  which  was  taking  55 
minutes  per  day  was  likely  to  in¬ 
crease  in  the  time  it  took  as  Citi¬ 
Street  added  customers.  Its  exist¬ 
ing  approach  to  encryption  con¬ 
sumed  a  significant  amount  of 
CPU  cycles  on  its  servers.  If  it  did 
not  find  a  way  to  reduce  the 
amount  of  time  it  took  to  do 
secure  data  replication,  it  would 
be  forced  to  increase  the  capacity 
of  the  WAN  by  purchasing  addi¬ 
tional  bandwidth. 

Strasnick  says  it  is  difficult  to 
find  a  solution  that  can  do  a  good 
job  of  compression  and  imple¬ 
ment  encryption. 

He  deployed  a  new  session  layer 
(Layer  5)  technology  that  com¬ 
bines  the  functionality  of  WAN 
optimization,  application  acceler¬ 
ation  and  data  encryption  in  one 
appliance.  The  technology  em¬ 
ploys  Layer  4  WAN  optimization 
techniques  to  maximize  the 
throughput  of  the  network  while 
using  Layer  7  application  acceler¬ 
ation  techniques  to  speed  the 
data  replication.The  appliances, 
which  are  deployed  symmetri¬ 
cally  at  both  ends  of  the  link, 
also  provide  data  encryption. 

CitiStreet  opted  to  implement 
Swan  Labs’  WANJet  appliance, 
and  so  far,  CitiStreet  has  been 
impressed  with  the  results. 

According  to  Strasnick,  the 
time  it  takes  to  do  data  replica¬ 
tion  has  been  reduced  from  55 
minutes  to  9  minutes.  This  has 
enabled  CitiStreet  to  grow  its 
customer  base  significantly 
without  having  to  increase  the 
capacity  of  its  WAN  by  purchas¬ 
ing  costly  additional  lines. 

Taylor  is  president  of  Distributed 
Networking  Associates  and  pub- 
lisher/editor-in-chief  of  Webtorials. 
Metzler  is  vice  president  of  tech 
consulting  company  Ashton, 
Metzler  &  Associates.  They  can  be 
reached  at  taylor@webtorials.com 
and  jim@ashtonmetzler.com. 
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Gartner  analyst  shares  server  insight 

By  Deni  Conners 

Gartner’s  Jeffirey  Hewitt  gives  his  take  on  servers,  Linux 


Sponsored  by 
Rose  Electronics 


At  the  recent  Gartner  PlanetStorage  conference  in  Lake  Buena  Vista, 
Fla.,  principal  analyst  Jeffrey  Hewitt  made  several  interesting  points 
about  Linux  and  servers. 
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Among  the  drivers  in  the  server  market  is  economic  growth;  healthy 
economies  demand  server  technologies.  The  growth  of  the  Internet, 
cell  phones,  PDAs  and  smart  phones  has  also  driven  server  growth, 
as  servers  are  needed  to  support  the  back-end  infrastructure  for 
these  technologies. 


Find  this  article  at 

www.networkworld.com/go/server8.htnil 


For  other  great  newsletter  topics,  go  to 
www.networkworld.com/go/nt1024.htmi 
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SERVERS  WITHIN 
FROM  ANY 


YOUR  REACH 


LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix^*^ 

Remote 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


UltraMatrix^'^ 

E-series 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


KVM  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


KVM  SWITCH 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280  ' 

Available  in  several  models 
Easy  to  expand 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an  :  - 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,(2x8,  2x16,  ■ 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi- platform. 


KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 


RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  rooms  and  multiple  computers. 

The  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 
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XtendVue 

Vertical  Rack  mountable  LCD 
With  Built-in  KVM  Extender 


RackView 

Fold-Forward 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackView 
Keyboard  ; 
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Oracle  Fusion  Middleware 

Hot-Pluggable 


So  Standard,  It's  Hot-Pluggable 
With  Your  Existing  Software 

J2EE — Enterprise  Portal  —  identity  Management —  Integration  —  Data  Hub — Business  Intelligence 


oracle.com/middleware 
or  call  1.800.0RACLE1 


Copyright  <S)  2005,  Oracle.  All  rights  reserved.  Oracle,  JO  Edwards  and  PeopleSoft  are  registered  trademarks  of  Oracle  Corporation  and/or  its  affiliates.  Other  names  may  be  trademarks  of  their  respective  owners. 
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THE  ONLY  WAY  TO  DO  BUSINESS 
OUT  OF  THE  OFFICE  IS  WITH 
MULTIPLE  MOBILE  DEVICES. 


GET  YOUR  FREE  COPY  OF  “MOBILE  WORKFORCE  FOR  DUMMIES 
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AT  AVAYA.COM/DUMMIES 


AVAYA  IP  TELEPHONY  GIVES  YOU 
SINGLE-DEVICE  MOBILITY,  LIKE 

HONE. 


AVAyA 

COMHUNICATIONIS 
AT  THE  HEART  OF  BUSINESS 


02005  Avaya  Inc.  All  Rights  Reserved.  Avaya.  the  Avaya  Logo,  and  all  trademark  Identified  by  ®,  TM,  or  SM  are  registered  trademarks,  trademarks,  or  service  marks  of  Avaya  Inc.,  and  may  be  registered  in  certain  jurisr^tions. 
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To  win  your  business,  outsourcers  are 
offering  a  host  of  options  for  your  utility 
infrastructure . 


BY  MARY  BRANDEL 

ata  center  outsourcing  is  a  different  game  from  what  it  was  ear¬ 
lier  this  decade.  Contracts  are  shrinking  from  six  to  10  years  to 
three  to  five  years,  according  to  Deloitte  Consulting.  Single¬ 
provider  mega-deals  are  on  the  wane,  Gartner  reports.  And 
while  cost  reduction  is  still  a  big  reason  for  signing  outsourcing  deals,  many  cor¬ 
porations  are  no  longer  just  interested  in  passing  on  “their  mess  for  less,”  says  Jeff 
Kaplan,  president  of  Thinkstrategies.  Increasingly,  he  says,  IT  executives  look 
toward  outsourcing  providers  for  help  migrating  from  legacy  environments  to  the 
more  flexible  and  lower-cost  platforms  of  the  new  data  center. 

“Most  people  are  feeling  overwhelmed  with  the  whole  ‘new  data  center’  idea,”  Kaplan  says.“It’s  pretty  complicated, 
with  dozens  of  technologies  involved,  and  very  few  corporations  have  enough  internal  expertise  to  sort  it  out.” 

IBM,  one  of  the  leading  outsourcers,  sees  a  troika  of  concerns  driving  IT  executives  to  consider  outsourcing  their 
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new  data  center  migration,  says  Mike  Riegel,  Big 
Blue’s  director  of  on-demand  business. “Business 
leaders  today  are  simultaneously  interested  in  grow¬ 
ing  revenue,  cutting  costs  and  being  more  flexible 
—  never  before  have  we  seen  them  do  all  three  at 
the  same  time,”  he  says 

Outsourcers  are  responding  by  incorporating 
more  new  data  center  technology  into  their  service 
offerings.  Here’s  a  look  inside  five  leading  outsourc¬ 
ing  operations. 

CSC:  Results^riven  Computing  Grid 

Computer  Sciences  Corp.  (CSC),  which  does 
not  make  new  data  center  products,  plays  up 
the  benefits  of  vendor  agnosticism. 

In  the  storage  arena,  for  example,  CSC  relies 
mainly  on  Hitachi  Data  Systems,  whose  Tagmastore 
Universal  Storage  Platform  virtualizes  heteroge¬ 
neous  storage  systems  into  one  pool,  and  EMC, 
which  recently  began  offering  a  network-based  stor¬ 
age  virtualization  system  called  lnvista.lt  also  works 
with  a  range  of  other  vendors,  including  Fujitsu,  HP 
IBM  and  Sun.  It  tops  off  its  storage  offering  with  auto¬ 
mated  provisioning  and  management  software  from 
Creekpath  Systems,  says  Chris  Helme,  CSC’s  vice 
president  of  global  production  operations. 

In  grid  computing,  CSC  recognized  that  many 
users  couldn’t  commit  to  the  large  capital  invest¬ 
ment  often  required.  It  developed  the  hardware- 
independent  Results-Driven  Computing  (RDC)  Grid, 
which  can  run  any  x86  operating  system  and  any 
software  stack  “in  a  defense-like  security  environ¬ 
ment,”  Helme  explains. 

Other  new  data  center-type  technologies  in  use  at 
CSC  include  high-availability  server  clusters  from  HP 
IBM,Sun,Veritas  and  other  vendors,  and  capacity  on 
demand  for  storage  and  computing.  Beyond  the  tra¬ 
ditional  methods  such  as  spare  CPUs,  dynamic 
workload  management  and  spare  capacity,  CSC 
uses  a  proprietary  method  for  expanding  and  con¬ 
tracting  the  computing  environment  to  match  busi¬ 
ness  requirements,  Helme  says.  CSC  calls  this 
Results-Driven  Computing. 

For  its  bandwidth-on-demand  offerings,  including 
MPLS,  IP  Security  VPNs,  virtual  LANs,  VoIP  and  QoS, 
CSC  uses  technology  platforms  from  a  variety  of 
vendors,  including  Check  Point  Software,  Cisco, 
Juniper  Networks,  Nortel  and  Racketeer,  and  various 
global  carriers,  including  British  Telecom  and 
Global  Crossing. 

Thinkstrategies’  Kaplan  considers  CSC’s  vendor-in- 
dependence  a  big  plus,  but  says  the  outsourcer 
could  do  a  better  job  articulating  its  utility  comput¬ 
ing  strategies  and  success  stories.  “It  hasn’t  been  in 
tlie  game  as  much”  as  IBM,  HP  and  Sun,  he  says. 

EDS:  Enterprise  Architecture 

Electronic  Data  Systems’  (EDS)  biggest  new  data 
center  outsourcing  challenge  is  breaking  out  of  its 
traditionarmega-deal”  approach  and  creating  a  cost 
structure  that  can  accommodate  smaller,  more  flex¬ 


ible  engagements.“It’s  been  struggling  to  develop  a 
coherent,  consistent  and  compelling  utility  com¬ 
puting  story  that  competes  against  IBM  and  HR’ 
Kaplan  says. 

In  that  regard,  the  company  last  year  created  the 
Agile  Enterprise  Architecture  (AEA).  EDS  has  built  a 
standard  technology  infrastructure  on  which  to  run 
the  bulk  of  its  customers’  IT  operations.  Technology 
partners  include  Cisco  for  routers,  EMC  for  storage 
hardware  and  Sun  for  servers. 

Other  components  of  the  AEA  plan  are: 

•  A  partnership  with  Sun  for  automatic  provision¬ 
ing  of  Windows,  Linux  or  Unix  on  the  vendor’s  AMD 
Opteron-based  blade  servers. 

•  Twenty-nine  best  practices  for  tasks  such  as  serv¬ 
er  consolidation,  utility  computing,  storage  virtual¬ 
ization  and  application  renewal. 

•  Use  of  the  Microsoft  .Net  platform  as  the  pre¬ 
ferred  operating  environment. 

“EDS  now  has  a  competitive  list  of, ‘If  we  provide 
this  function,  there’s  a  price  for  setting  up  each 
server  and  the  ability  to  buy  partial  racks’ vs. ‘Don’t 
worry  about  how  much  you  need  but  here’s  a  great 
big  bill  each  month,’”says  DanTwing,a  research  vice 
president  with  Enterprise  Management  Associates. 
“It’s  more  a  la  carte.” 

At  the  network  level,  EDS  is  building  a  global 
IP/MPLS  backbone  that  will  serve  as  the  foundation 
for  grid  and  utility  computing  when  it  becomes 
operational  this  quarter.  EDS  says  the  goal  is  to  man¬ 
age  systems  and  applications  from  any  point  in  the 
world. “We  will  be  able  to  virtualize  our  computing 
capacity  between  data  centers  here  and  in  Ger¬ 
many  as  well  as  our  call  centers  and  application 
delivery  centers,”  says  Gordon  Martin,  vice  president 
of  EDS’s  communications  services. 

EDS  also  is  adding  more  applications  to  the  list  of 
packaged  applications  that  it  currently  hosts,  as  well 


as  virtualizing  these  applications. 

The  company  enables  physical  virtualization  by 
combining  Cisco  InfiniBand  Server  Switches  and 
Multifabric  Server  Switches  to  allow  an  entire  fabric 
of  servers  to  share  virtualized  pools  of  I/O  and  stor¬ 
age  resources.  Cisco  VFrame  Server  Fabric  Virtual¬ 
ization  software  provides  the  provisioning  and 
orchestration  of  compute  resources  over  this  unified 
fabric.To  enable  logical  virtualization,  EDS  primarily 
uses  VMware  software  but  has  started  to  add  Sun’s 
Solaris  10  containers.  It  also  intends  to  use  Micro¬ 
soft’s  server  virtualization  product  eventually 

“There’s  an  extreme  amount  of  interest  in  com¬ 
mingling  workloads  ...  to  take  advantage  of  non- 
used  cycles  in  the  environment,”says  Larry  Lozon, 
vice  president  of  hosting  and  storage  services  at 
EDS.  Through  the  global  network,  application  pro¬ 
cessing  can  be  divided  up  among  an  EDS  data  cen¬ 
ter,  the  client  site  or  a  third-party  environment. 

EDS  is  rolling  out  its  time-tested  mainframe-meter¬ 
ing  model  into  the  server-based  world,  and  several 
clients  are  road-testing  it.“What  we’ll  be  getting  to  is, 
‘Here’s  a  particular  application  service,  and  it  costs 
this  much  per  hour  to  run,  along  with  add-on  serv¬ 
ices  in  terms  of  backup/restore  capabilities’”  Lozon 
says.  He  says  some  of  that  may  rollout  in  2006. 

HP:  Adaptive  Enterprise  Strategy 

You  can’t  discuss  HP’s  new  data  center  outsourc¬ 
ing  approach  without  immediately  talking  about  its 
Adaptive  Enterprise  Strategy  the  name  for  its  infra¬ 
structure  scheme  that  automatically  adjusts  to  sup¬ 
port  business  needs.  This  strategy  includes  the  fol¬ 
lowing  new  data  center  components: 

•  Grid  computing:  HP  is  developing  technologies 
for  intelligent  enterprise  grids  that  can  process  mis¬ 
sion-critical  applications  while  navigating  corporate 
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From  right  here. 


Manage  your  data  center  from  anywhere... 

In  today's  pressure  filled  “uptime”  environment  where  a  few 
minutes  can  cost  you  big  dollars,  customer  confidence  and 
worker  productivity,  you  can't  afford  to  have  IT  problems.  And, 
you  know  fewer  administrators  and  “lights  out”  control  of  your 
data  centers  gives  you  a  much-needed  security  buffer. 


Lantronix  gives  you  access  to  ALL  of  your  data  center  assets 
from  anywhere  over  the  Internet  via  a  browser,  and  total  out-of- 
band  access  if  the  network  is  down.  We  also  offer  the  only 
console  manager  available  with  a  NIST-certified  implementation 
of  Advanced  Encryption  Standards  (Rijndael)^  along  with  SSL 
and  SSH  assuring  you  the  highest  level  of  security  available. 


SecureLinx™ 


Lights  out  remote  data  center  management 


Secure  Console  Managers 

Remote  management  of  Linux,  Unix  and 
Windows®  2003  servers,  routers,  switches, 
telecom  and  building  access  equipment. 

-  Respond  faster  and  reduce  downtime 

-  Consolidate  resources  and  minimize  costs 
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Remote  KVM  "  via  IP 

Manage  an  entire  room  full  of  Windows  and 
Linux  servers  from  a  single  desktop,  from 
anywhere  over  the  Internet. 

-  Eliminate  need  for  multiple  keyboards, 
monitors  and  mice 

-  No  client  software  required 
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Remote  Power  Managers 

Control  the  power,  individually,  to  every  device 
in  the  data  center  via  a  web  browser. 

-  Reboot  system  remotely 

-  Ensure  safe  power  distribution  and  reduce 
in-rush  overload 
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Winner  of  the  Network 
Computing  Editor’s 
Choice  Award 
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(Federal  Information  Processing  Standards).  ©  2005  Lantronix,  Lantronix  is  a  registered  trademark,  and  SecureLinx  and  Remote  KVM  are  trademarks  of  Lantronix,  Inc. 


www.lantronix.com  I  (800)  422-7055 


www.networkworld.com/ndcSOOS/oufcBOurcing  October  8<4,  8005 


Inside, 

continued  from  page  60 

firewalls  and  networks. 

•  Server  clustering:  HP’s  suite  of  server  clustering 
technologies  and  services  includes  HP  Service 
guard  for  Unix  and  Linux,  HP  Unified  Cluster 
Portfolio  for  High  Performance  Computing,  HP 
OpenVMS  Cluster  software  and  HP  BladeSystem 
/Systems  Insight. 

•  Capacity  on  demand:  HP  offers  a  range  of  usage 
based  pricing  capabilities,  including  Instant 
Capacity  Temporary  Instant  Capacity  pay  per  use, 
managed  storage  solution,  an  Exchange  utility  and  a 
PC  utility 

•  Server  virtualization:  HP  can  pool,share  and  alle 
cate  resources  across  its  Integrity,  BladeSystem, 
Proliant  and  Nonstop  servers. 

•  Storage  virtualization:  HP  StorageWorks  Enter¬ 
prise  Virtual  Array  Systems  can  adjust  storage  alle 
cation  size  while  applications  are  running. 

•  Management  software:  HP  OpenView  helps 
manage  IT  and  telecom  resources  in  an  autonomic 
fashion.  This  includes  application  management, 
business  management,  configuration  management, 
governance,  infrastructure  management  and  more. 

HP  uses  its  new  data  center  technologies  inter¬ 
nally  says  Nick  van  der  Zweep,  HP’s  director  of  virtu¬ 
alization  and  utility  computing.  So  when  internal  or 
external  customers  ask  for  a  new  service,  the  service 
can  be  carved  out  of  an  already-running  pool  of  re¬ 
sources  and  be  up  and  running  in  24  hours,  van  der 
Zweep  says.  If  a  project  gets  cancelled,  those  re¬ 
sources  can  be  used  for  other  applications. 

HP  also  is  strong  in  its  capacity-on-demand  capa¬ 
bilities.  “It  talks  the  right  language  of  business  vs. 
technical  metrics  and  solutions,”  Kaplan  says. 

The  HP  Utility  Meter  monitors  server  and  storage 
usage  rates,  then  inputs  those  into  a  billing  and 
mediation  system  so  HP  can  charge  based  on  active 
CPUs  or  gigabytes  used  on  a  daily  or  monthly  basis. 
It  can  create  custom  measurements,  too.  For  Dream¬ 
works,  for  example,  it  charges  per  rendered  anima¬ 
tion  frame.  And  for  Amadeus,  it  charges  per  number 
of  airline  seats  booked.’When  either  infrastructure  is 
not  being  used  at  peak  capacity  HP  can  use  it  to  run 
other  applications. 

Although  usage-based  computing  works  mainly 
on  HP’s  own  hardware,  van  der  Zweep  emphasizes 
that  its  outsourced  data  centers  contain  “a  tremen¬ 
dous  amount  of”  non-HP  hardware.  “We  have  some 
capability  to  shift  resources  around  on  other  ven¬ 
dor’s  equipment  using  processes  and  software 
development  that  we  don’t  sell  to  customers,”  van 
der  Zweep  says. 

IBM:  Virtual  htisting 

IBM  offers  virtual  servers,  a  top-selling  storage  vir¬ 
tualization  product,  network  virtualization  services, 
and  management  for  the  new  data  center. 

The  company’s  Virtual  Hosting  outsourcing  strat¬ 


egy  encompasses  the  following: 

•  A  multiplatform  virtual  server  that  lets  corpora¬ 
tions  choose  between  100%  virtual  hosting  or  a  mix 
of  virtualization  and  traditional  hosting  services. 
Customers  can  choose  a  pay-per-usage  plan. 

•  Virtual  server  services  for  xSeries,  pSeries  and 
iSeries  IBM  servers.  With  these  servers,  multiple 
applications  that  previously  resided  on  separate 
physical  servers  are  run  in  partitioned,  secure  and 
logically  isolated  areas  of  a  single  device.  As 
demand  escalates,  so  does  the  ability  to  add  pro¬ 
cessing  capacity 

•Virtual  server  services  for  the  Eserver  zSeries  990 
running  Linux. 

•  Virtual  networking  services,  including  on- 
demand,  usage-based  firewall,  load  balancing  and 
routing.  These  resources  are  pooled,  and  capacity  is 


CSC:  promotes  itself  as  vendor 
agnostic  and  offers  a  variety  of  virtu¬ 
alized  options  including  storage  vir¬ 
tualization  and  grid  computing. 

EDS:  calls  its  utility  computing 
efforts  the  Agile  Enterprise 
Architecture,  a  standard  infrastruc¬ 
ture  that  includes  highly  flexible  tech¬ 
nologies. 

HP:  dubs  its  new-data-center 
efforts  as  the  Adaptive  Enterprise 
Strategy,  which  uses  a  wide  variety 
of  technologies  to  automatically 
adapt  IT  as  business  needs  change. 

IBM:  promotes  its  Virtual  Hosting 
outsourcing  strategy,  which  includes 
virtual  server,  networking  and  infra¬ 
structure  services  and  more. 

Unisys:  labels  its  new  data  center 
strategy  as  the  "three-dimensional 
visible  enterprise"  and  features  real¬ 
time  management  and  automation 
technologies. 

directed  to  applications  or  servers  as  needed. 
Router,  firewall  and  load-balancing  services  are 
consolidated  onto  a  single  hardware  platform,  the 
virtual  services  switch,  replacing  more  than  100 
stand-alone  appliances. 

•  Virtual  infrastructure  services,  such  as  online 
database  backup,  storage  on  demand,  backup  and 
restore  content  caching  and  VPN  connectivity 
The  linchpin  of  this  strategy  is  the  Universal 
Management  Infrastructure  (UMI),a  complex  archi¬ 
tecture  that  uses  Tivoli  management  software. 


Websphere  and  other  code  to  enable  IBM  to  provi¬ 
sion  and  automate  service  delivery 

The  architecture  includes  41  automated  and  stan¬ 
dardized  processes,  including  server  provisioning 
(which  IBM  says  can  happen  in  a  matter  of  hours), 
problem  management  (which  uses  autonomic 
computing  to  route  alerts  from  applications  or  busi¬ 
ness  processes)  and  configuration  management 
(which  can,  for  instance,  automatically  add  re¬ 
sources  from  another  server  farm  if  the  external  Web 
site  is  hitting  80%  utilization). 

The  benefit  of  this  autonomic  environment  is  a 
15%  to  20%  reduction  in  infrastructure  costs  and  a 
30%  reduction  of  application  costs,  Riegel  says. 

Users,  too,  expect  UMI  to  lead  to  cost  savings,  says 
Rob  de  Haas,  global  head  of  data  center  services  for 
ABN  AMRO  Bank,the  Dutch  bank  that  recently 
signed  a  five-year,  $2.2  billion  global  outsourcing 
contract  with  IBM  and  four  other  outsourcers  to 
build  the  bank’s  on-demand  IT  infrastructure. 

"UMI  will  enable  ABN  AMRO  to  pay  only  for  the 
computing  power  we  use,"  he  says."It  mitigates  the 
risk  of  outages  by  applying  IT  resources  where  they 
are  needed,  raising  service  levels  and  improving 
application  availability  which  is  critical  to  the  bank." 

Under  the  UMI  umbrella,  IBM  also  says  it  can  sup¬ 
port  multi-vendor  servers  and  the  major  operating 
systems,  including  Linux,  Solaris,  HP-UX,  AIX  and 
Windows. 

Unisys:  3D  Visible  Enterprise 

Phil  Smith,  vice  president  of  outsourcing  and  infra¬ 
structure  services  portfolio  management  at  Unisys, 
says  potential  clients  spend  a  lot  of  time  talking 
about  the  tension  between  the  supply  side  (the  CIO) 
and  the  demand  side  (the  CEO  or  CFO)  of  IT  — 
which  ultimately  leads  to  discussions  of  virtualiza¬ 
tion  technologies.  In  response,  Unisys  executives  cre¬ 
ated  what  they  call  the“three-dimensional  visible  en¬ 
terprise,”  or  3D-VE.  It  defines  the  infrastructure  need¬ 
ed  to  adapt  to  change  in  real  time.  To  that  end, 
Unisys  offers  Real  Time  Infrastructure  (RTT)  solu¬ 
tions,  which  provide  shared  infrastructure  resources 
that  adjust  to  business  needs. 

An  example  is  the  recently  introduced  Business 
Continuance  SafeGuard  30m  series,  which  enables 
the  automatic  recovery  of  Microsoft  clustered  appli¬ 
cations  in  less  than  30  minutes  when  recovery  sites 
are  more  than  186  miles  apart.  Future  RTI  solutions 
will  include: 

•  Standardization  of  infrastructure  components 
for  lower-cost  business  and  IT  operations. 

•  Dynamic  provisioning  and  virtualization  of  infra¬ 
structure  resources. 

•  Automation  of  infrastructure  management  to 
reduce  costs  and  improve  service  levels. 

To  determine  when  and  where  to  apply  virtualiza¬ 
tion,  the  company  first  maps  the  customer’s  business 
process,  using  tools  such  as  Proforma’s  Provision, 
and  then  applies  business  activity  monitoring  tools 
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to  see,  for  instance,  how  many  SAP 
transactions  are  being  used  to 


take  new  orders.  Using  the  3I>VE 
methodology  Unisys  then  super¬ 
imposes  the  model  created  of  the 
company’s  infrastructure.  This 
helps  determine  whether  an  in¬ 


crease  in  sales  orders  necessitates 
an  increase  in  processing  capaci¬ 
ty  for  handling  inventory  tracking, 
which  would  affect  networking 
and  server  workloads. 


“Instead  of  focusing  on,  ‘My 
server  hit  a  certain  threshold  so 
1  better  add  more  capacity  it’s 
driven  by  business  activity  and 
business  process,”  says  Marv 


Chartoff,  Unisys’  CTO  of  outsourc¬ 
ing  and  infrastructure  service. 

For  server  virtualization,  Uni^ 
uses  VMware  and  Intel-based 
servers,  such  as  the  Unisys  ES7000 
server  line.  Its  Tier-1  partners  in¬ 
clude  EMC  for  storage  and  Oracle 
for  grid  computing. 

Users  applaud  the  use  of  virtual¬ 
ization.  “Unisys  owns  the  servers 
and  other  computing  assets  that 
the  city  of  Minneapolis  uses. 
Unisys  is  evolving  its  servers 
toward  a  more  virtualized  envi- 
ronment.That  should  enable  us  to 
realize  greater  efficiencies  and 
deliver  improved  service  to  citi¬ 
zens,”  says  Bill  Beck,  deputy  CIO, 
city  of  Minneapolis  (see  related 
story,  page  68). 

Unisys  also  considers  security 
one  of  its  strong  points,  given  its 
event  and  correlation  engine. 
The  engine  collects  incident 
data  from  multiple  points  on  the 
network,  puts  that  data  into  a 
rules  engine  where  it’s  correlated 
and  analyzed  and  detects 
breaches  that  otherwise  might 
go  unseen. 

Beyond  the  products 

Of  course,  assessing  an  out¬ 
sourcer’s  technology  underpin¬ 
nings  is  only  the  first  step  in  select¬ 
ing  which  firm  best  suits  your  new 
data  center  needs.  And  that,  ex¬ 
perts  agree,  depends  on  which 
outsourcer  can  best  match  its 
technology  to  your  business 
processes. 

“The  technology  in  this  area  has 
become  almost  a  commodity’ 
Kaplan  says.  “What  the  vendors 
are  trying  to  differentiate  on  is  in 
how  they’re  solving  customers’ 
overall  needs.” 

That  was  the  major  decision 
point  for  ABN  AMRO.  “All  of  the 
vendors  have  similar  [product 
and  marketing]  concepts  that 
they’ve  demonstrated,”  says  Tom 
de  Swaan,  CFO  at  ABN  AMRO.“We 
were  more  concerned  about  how 
they  met  our  needs  in  terms  of 
service-level  agreements  and 
price  points.” 

Brandel  is  a  freelance  writer  in 
Newton,  Mass.  She  can  be  reached 
at  marybrandel@verizon.net. 
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Inti'oducing  the  Belden  IBDN”'  System  lOGX. 
Clearly  the  most  innovative  UTP  structured 
cabling  solution  in  the  marketplace. 

Sometinies  you  have  to  take  a  big  leap  in  your  thinking  to  get  to 
something  that’s  truly  new  —  and  truly  great.  That’s  what  we’ve 
done  with  our  10GX  Solution. 

Our  10GX  Solution  isn't  an  improved  or  boosted  Category  6  system, 
but  a  revolutionary  new  system  designed  around  a  series  of 
dynamic  enabling  technologies  that  deliver  on  the  two  most 
critical  factors  in  10  Gigabit  service:  reduction  of  Alien  Crosstalk 
and  controlled  performance  up  to  a  minimum  of  500  MHz. 


'o  accomplish  Beyond  10G™  performance,  we’ve  developed  four 
totally  new  enabling  technologies  —  technologies  that  allow 
■  ■  Belden  IBDN  System  10GX  to  deliver  guaranteed  performance 

toJ25  MHz. 


•  SpiralFleX^'^  Cable  technology  that  increases  randomization  and 
greatly  improves  Alien  Crosstalk  performance 

•  Matrix  |DC™  Module  technology  which  eliminates  the  issue  of 
Alien  Crosstalk  between  modules,  offering  performance  30  times 
better  than  Cat  6 

•  FleXPoint  PCB  Module  technology  that  positions  the  compensation 
circuitry  directly  at  the  plug's  point  oT  contact,  offering  unbeatable 
mated-connection  performance 

•  X-Bar™  Module  termination  technology  that  assures  accurate 
module/cable  termination  and  reduces  installation  differences 

10GX  is  truly  the  most  advanced  10G  system  in  the  marketplace  — 

in  fact,  every  other  system  is  just  treading  water. 


For  more  information,  please  call 
Belden  CDT  Networking 
at  1-800-262-9334. 

www.BeldenlBDN.com 
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Whether  you  need  fast 
backup  and  complete 
protection  or  scalable  and 
easy-to-manage  storage 
consolidation  for  your  mid¬ 
size  enterprise,  EMC  brings 
you  solutions  that  are  high 
on  results— and  simple  to 
use.  That’s  because  it’s 
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iSCSI  Solution 


EMC  CLARiiON 

Backup  Solution 


easier  than  ever  to  put 
award-winning  software, 
robust  storage,  and  world- 
class  technical  support  to 
work  solving  your  business’s 
critical  IT  challenges. 
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Lease 


•  EMC®  CLARiiON®  CX300i 
IP  Storage  Platform 

•  365GB  storage  capacity 

(as  priced),  scalable  up  to  19TB 

•  EMC  Navisphere®  Workgroup 
license 


Buy  for 
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36  mo 
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Lease 


business  solutions 


•  EMC®  CLARiiON®  CX300 
storage  Platform 

•  365GB  storage  capacity 

(as  priced),  scalable  up  to  19TB 

•  EMC  Navisphere®  Workgroup 
license 

•  EMC  Dantz®  Retrospect® 
Multiserver  Backup  software 


Buy  for 

*24,525 


•  EMC®  CLARiiON®  CX300 
Storage  Platform 

•  365GB  storage  capacity 

(as  priced),  scalable  up  to  19TB 

•  EMC  Navisphere®  Workgroup 
license 

•  8-port  switch 


I  EMC  CLARiiON 
SAN  Solution 


for  midsize  enterprises 

CALL  NOW 


1-866-796-6369  or  visit  WWW. EMC.com /offers. 
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Don’t  gamble  with  your  new  data  center.  Make  sure  your 
outsourcer  has  good  answers  to  these  five  questions. 


BY  MARY  BRANDEL 

Can  you  offer  new  data  center  capabilities  on  plat¬ 
forms  other  than  the  ones  you  sell? 

New  data  center  pitches  proffered  by  outsourcing  pro¬ 
viders  that  are  also  systems  and  software  manufacturers  pre¬ 
suppose  an  infrastructure  built  with  their  own  material.  But 
users  also  need  to  know  how  well  their  approach  works  with 
a  varied  environment,  and  whether  the  eventual  plan  in¬ 
volves  a  wholesale  upgrade  to  a  singlevendor  platform,  says  Andreas  Antono- 
poulos,senior  vice  president  and  founding  partner  at  Nemertes  Research.The 
goal  is  adaptive  computing  with  vendor  diversity,  and  at  the  moment,  “it’s  not 
easy  to  do  that,”  he  says. 

Can  we  contract  for  continued  innovation? 

Gartner  recently  completed  a  study  in  which 
users  were  satisfied  with  the  day-tcKlay  operational 
capabilities  of  their  providers  but  not  with  the 
degree  of  innovation  they  offered  once  engaged  in 
the  deal.  By  innovation,  users  meant  automatically 
applying  new  types  of  technology  solutions  to  their 
environments  when  these  made  sense. 

“Users  are  seeing  and  hearing  about  virtualization  and  on-demand  capa¬ 
bilities,  but  they  don’t  see  it  showing  up  in  their  deals"  once  contracts  get 
signed,  says  Bill  Maurer,  a  Gartner  research  director.  He  recommends  insert¬ 
ing  a  contract  addendum  to  make  sure  the  technology  being  applied  to  your 
environment  doesn’t  get  out-of-date  with  what  the  vendor  is  offering  to  newer 
clients.  For  instance,  two  years  ago  vendors  began  regularly  writing  password 
resets  into  help  desk  outsourcing  deals,  but  they  didn’t  retroactively  apply 
them  to  older  contracts,  Maurer  says.You  need  to  write  that  kind  of  flexibility 
into  the  contract. 

Flexible  contracts  are  all-important,  Antonopoulos  agrees.  “Sophisticated 
processes  for  implementing  change  should  be  highly  visible  in  the  contract,” 
he  says.  It’s  a  good  indication  if  the  outsourcer  has  methodical  and  well-in¬ 
strumented  tools  for  the  change  process.  “It’s  one  thing  if  you  have  to  send  a 
triplicate  fax  order  for  having  changes  made  vs.  an  online  application  you  can 
use,”  he  says. 


m 


What  are  my  payment  options? 

Payment  options  are  a  big  indicator  of  whether  a 
provider  is  new  data  center-ready  For  instance,  rather 
than  charging  by  the  CPU  or  per  seat,  Antonopoulos 
says,  it  should  charge  based  on  things  such  as  trans- 
actions  or  traffic  levels,  not  the  use  of  infrastructure. 
The  key  is  to  pay  for  actual,  not  peak,  usage.  “If  the 
metrics  used  for  charging  relate  to  infrastructure  components,  you  have  a  prob¬ 
lem,”  he  says.  Another  indication  is  \Miether  the  provider  charges  on  a  CPU  basis, 
which  indicates  dedicated  servers,  or  a  more  granular,  sub<l!PU  level. 


How  stringent  are  your  service-level  agree¬ 
ments  (SIA)? 

A  key  component  of  the  next-generation  data  cen¬ 
ter  is  transforming  from  “IT  as  a  set  of  systems”  to  “IT 
as  a  service,”  as  well  as  the  ability  to  measure  that 
service  via  meaningful  and  realistic  SLAs,  Antono¬ 
poulos  says.  Old-school  SLAs,  for  instance,  might 
promise  a  four-hour  window  for  a  system  repair.  Nextgeneration  SLAs  cater  to 
the  importance  of  the  application.“You  might  contract  for  silver,  gold  and  plat¬ 
inum  application  platforms,  where  you  choose  your  service  levels  and  pay 
accordingljf  he  says. 


Can  you  validate  your  work? 

To  ensure  the  outsourcer  can  handle  your  partic¬ 
ular  needs,  ask  for  a  minimum  of  three  references 
and  make  sure  they’re  engaged  in  a  similar  type  of 
deal  to  yours,  Maurer  says.“If  you’re  seeking,  say  stor¬ 
age  virtualization,you  better  be  dam  sure  that  if  the 
company  sa}^  it  can  do  it  that  there  are  reference 
checks  in  place,”  he  says.Tlie  reference  should  include  representatives  from 
both  business  and  IT. 


Brandel  is  a  freelance  writer  in  Newton,  Mass.  She  can  be  reached  at  mary  j 

brandel@verizon.net  ; 
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Chamber  Doors 

Access  to  hot  aisle, 
locks  for  security 


Now  you  can  quickly  deploy  a 
standard-  or  high-density  site  of  any  size 
with  scalable,  top-tier  availability. 


Part 

Number 

Usable 

IT  Racks 

Average 
kW  per  Rack 

Price  Price  to  lease 

to  buy  (36  installments) 

ISXCR1SY16K1BP5 

1 

up  to  SkW 

^14,999'' 

ISXT240MD6R 

6 

up  to  5kW 

^149,999''  %,999" 

!SXT240MD11R 

11 

up  to  5kW 

^249,999"  ^7,999" 

ISXT280MD40R 

40 

up  to  5kW 

%99,999*  ^21,999*' 

ISXr2800MD100R 

100 

up  to  5kW 

^1,649,999*  ^50,999" 

High  Density  Configuration  (shown  abovei 

ISXT280HD8R 

8 

up  to  1 0kW 

*399,999*  *12,999" 

All  multi-rack  configurations  feature: 

\/ N+l  power  and  cooling 
%/ Secure,  self-contained  environment 
f/ Peak  capacity  of  20kW  per  rack 
\/  Enhanced  service  package 
%/ Integrated  management  software 


High  density  upgrades  start  at  0,999 
On-site  power  generation  options  start  at  ^29,999 


InfraStruXure™  Manager 


Order  your  solution  today.  Call  888-289-APCC  x3527. 

Visit  today  and  receive  FREE  APC  White  Papers 

Visit  us  online  and  download  APC  White  Papers. 

Don't  see  the  configuration  you  need? 

TM 

Try  ARC'S  online  InfraStruXure  BuildOutTool  today  and  build  your  own  solution. 

Go  to  http://promo.apc.com  and  enter  key  code  f98Bx  Call  888-289-APCC  x3527  Legendary  Reliability* 


What  is 
data  center  on 
demand? 

InfraStruMure' 

DATA  CENTERS  ON  DEMAND 

Highly  available  and  manageable, 
quick-to-install,  scalable  architecture 
that  easily  supports  both  standard- 
and  high-density  applications. 

-  Up  to  20kW  a  rack  for  any 
blade  server  application 

-  Unlimited  racks 

-  Ships  in  5  days*** 

-  Installs  in  1  day*** 

-  Optional  on-site  power 
generation 

-  Raised  floor  not  required 

-  Vendor  neutral  guaranteed 
compatibility 


InfraStruXure'^  can  be  purchased  as 
a  modular,  or  mobile  system 


InfraStruXure  BuildOut  Tool 


'  Prices  do  not  include  IT  equipment  and  are  subject  to  change.  *'  Indicative  rates  are  subject  to  market  conditions.  '**  Install  and  delivery  times  may  vary. 


beats  tn  noT  atr.  preverra!  fuixtrig  witn  room  sir  ? 


BESTOFINTtROP 


BLADE 

READY' 


APC  solutions  that  carry 
the  "Blade-Heedy"  Logo 
are  designed  to  hendle  the 
demanding  network-critical 
physical  infrastructure 
requirements  of  high-density 
blade  server  applications. 


IT  executives  tell  how  theyVe  come  to  their  outsourcing  choices. 


BY  JOANNE  CUMMINGS 

hen  Karl  Kaiser  became 
CIO  of  Minneapolis  five 
years  ago,  he  found  the  IT 
infrastructure  was  not  as 
capable  of  supporting  the 
business  of  running  a  city  as  he  —  and  the  city  con¬ 
stituency  —  wanted  it  to  be. 

“Sixty  percent  of  nty  budget  and  management  energy  went  into  just  keeping 
the  infrastructure  alive,”  says  Kciiser,  noting  that  his  staff  was  overwhelmed  with 
brcfik/fix  duties  inherent  in  the  city’s  multivendor  environment  aind  seemed 
more  concerned  with  geewhiz  technology  than  serving  the  city 

Minneapolis’  4,000  city  workers,  including  police  officers,  firefighters  and  gov¬ 
ernment  officials,  needed  more  them  that.  “They  were  looking  for  services  that 
went  well  beyond  installing  and  fixing  computers.  They  wanted  more  applica¬ 
tions,  especially  Web  applications,”  he  says. 

Besides  new  Web  initiatives,  Kaiser  had  to  fund  a  disaster  recovery  program, 
find  a  new  space  for  his  data  center  (w^iich  was  ending  its  lease  with  the  coun¬ 
ty)  and  staff  the  city  for  24/7  support  —  all  within  a  tight  budget.  Kaiser  took  a 
htird  look  at  outsourcing  and  decided  it  made  sense  —  to  a  point.  He  sold  his 
entire  desktop,  server  and  network  infrastructure  —  amd  its  management  —  to 
Uni^,  while  keeping  application  development  in-house. The  result,  he  says,  is  a 
happier  constituency  and  an  estimated  $20  million  savings  over  the  sevenyear 
life  of  the  contract. 

“I  decided  to  get  out  of  that  business  because  the  information  technology 
assets  and  the  associated  support  functions  in  my  mind  are  a  utility  It’s  like  you 
come  to  the  office  and  switch  on  the  lights.’The  light  comes  on,  but  that  doesn’t 
mean  you  need  to  own  the  power  plant,”  he  says. 

Minneapolis  is  not  alone.  Faced  with  simileir  prospects  and  the  need  to  move 
quickly  to  next-generation  data  center  environments,  many  orgamizations  see  the 
benefits  of  offloading  mundeme  operations  ta^  while  focusing  on  the  value  IT 
brings  to  the  business. 

Starwood  Hotels  and  Resorts  Worldwide,  for  example,  outsourced  its  heu'dware 
and  network  infrastructure  to  HP  in  an  effort  to  ease  its  move  off  a  madnframe 
and  onto  a  next-generation  computing  environment  that  features  Web  services 
running  on  Unfac  and  Linux  servers  (see  related  story  page  84).By  offloading  the 
opesations  side  of  the  house,  IT  could  focus  on  developing  core  profitgenerating 
reservations  and  loyalty  tystems  eipplications,  says  Tom  Osnophy  CTO  at  the 
Wliite  Plains,  N.Y,  hotelier. 

“We  wanted  to  make  sure  we  kept  the  thought  leadership  within  Star- 
wood,”Conophy  says.“You  can’t  just  go  out  and  buy  our  nervation  tystem,  like 
you  would  any  {{X)int  of  sale]  or  CRM  application.  1  would  never  outsource  a  cus¬ 
tom-built  e^jplication  that  is  extremely  crucied  to  our  business.” 

Because  of  the  critical  nature  of  the  applications,  Conoptry  has  retained  own¬ 
ership  of  the  hardware  on  which  they  run.  He  has,  however,  offloaded  hardware 
support.“We  still  look  at  the  Unbe  eind  Linux  configurations  ourselves,  emd  then 


STEVEN  VOTE 


work  with  HP  to  get  those  engineered,  configured  amd  established.  We’re  not 
quite  at  the  point  where  we’re  willing  to  toss  HP  the  keys  —  the  applications  are 
too  custom  and  too  crucial,  and  not  something  HP  could  get  certified  in.” 

Kaiser’s  view  is  more  extreme.  Because  Unisys  now  owns  the  city’s  computing 
resources,  it  has  the  onus  of  gaining  efficiencies  for  the  customized  and  regulat¬ 
ed  municipal  government  environment.“Unitys  bought  my  150  servers  and  put 
them  in  its  data  center,  and  it  has  a  grand  plan  for  consolidation  and  virtualiza¬ 
tion,”  Kcuser  says.“But  1  don’t  really  czue.  It  could  carry  my  data  with  Nike  sneak¬ 
ers  from  one  corner  to  another  as  long  as  it  meets  my  service  levels.” 


Apple  to  apples 

Deciding  w4iether  to  outsource  your  nextgeneration  FT  infrastructure  goes  well 
beyond  studying  criticality  as  companies  typicalty  have  done  when  considering 
what  to  outsource,  experts  say  The  new  litmus  test  is  vriiether  IT  has  become  a 
service  operation.  Only  vv4ien  an  organization  views  IT  as  a  service  can  it  truly 
measure  the  costs  and  weigh  the  value  of  outsourcing,  they  say 
If  an  organization  views  FT  as  a  shared  resource,  then  business  units  no  longer 
expect  or  need  their  own  application  servers,  explains  Andreas  Antonopoulos, 

See  Outsourcing,  page  70 
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Welcome  to  a  network  tool  so  smart,  it's  almost  unreal.  NetWisdom.  The  intelligent  SAN  performance 
monitoring  solution  that  keeps  you  one  step  ahead  of  trouble. 

Instantly  measure  SAN  performance  against  the  baseline  to  verify  you're  meeting  internal  service 
objectives.  The  exclusive  "visual  dashboard"  displays  real-time  health  of  the  entire  fabric.  And  if  your 
SAN  stumbles,  you  can  quickly  identify  and  engage  the  vendor  at  fault,  to  drive  swift  problem  resolution. 

Understand.  Identify.  Resolve.  Fast.  With  the  NetWisdom  SAN  performance  monitoring  solution. 

Dashboard  delivers  a  visual  snapshot 

of  entire  SAN  fabric  performance.  Get  more  details  during  a  free  webinar,  "Improving  SAN  Performance  and  Uptime  with  NetWisdom." 

Sign  up  now  at  http://finisarevents.webex.com 


F  inis  ar 


The  IT  compiexit:y  food  chain 

Binod  Taterway,  founding  partner  at  outsourcing  firm  Blue  Canopy,  identifies  four 
levels  of  complexity  inherent  in  any  IT  organization.  Here  he  explains  them  and  tells 
why  outsourcing  becomes  a  less  practical  option  as  complexity  increases. 

1)  Network  infrastructure.  Lowest  on  the  complexity  food  chain,  networks 
are  the  most  easily  measured  and  managed,  and  thus,  the  most  easily  outsourced, 
Taterway  says.  “Not  only  is  network  infrastructure  well  established,  it  can  also  be 
well  instrumented  so  that  you  can  track  it  easily  and  provide  good  insight  into  it 
It’s  a  good  place  to  start." 

2)  Physical  Infrastructure.  This  includes  hardware,  operating  systems,  storage 
devices  and  so  on.  These  too  can  be  somewhat  instrumented,  he  says,  but  the  com¬ 
plexity  lies  in  their  lack  of  plug  and  play.  “If  one  storage  array  goes  down,  can  you 
switch  to  another,  and  do  you  have  the  infrastructure  to  do  the  switching  and  track  it?” 
he  says.  “And  do  you  have  different  SLA  parameters  because  you’re  providing  stor¬ 
age  on  a  contingency  basis,  and  how  do  you  bill  for  those?” 

3)  Data.  Outsourcing  the  database  environment  is  even  more  complex  because 
sometimes  business  processes  are  stored  within  the  data.  "If  you're  outsourcing  that, 
what  does  it  do  to  your  core  competency?”  he  says.  "Can  you  change  your  business 
processes  on  demand  when  they’re  tied  so  closely  to  your  data,  which  is  managed 
elsewhere?” 

4)  Applications. The  most  complex,  at  least  in  the  IT  world,  are  the  applications 
that  are  core  to  running  the  business.  “If  you  outsource  applications,  you  have  less 
utility  and  a  more  tightly  coupled  relationship  between  the  provider  and  client,"  he 
says.  “It’s  far  less  flexible  and  far  more  difficult  to  do  successfully." 

—  Joanne  Cummings 


Outsourcing, 

continued  from  page  68 

principal  analyst  at  Nemertes  Research  and  author 
of  the  New  Data  Center  newsletter  (www.network 
world.com,  DocFinder:  9321).  “Instead,  each  busi¬ 
ness  unit  gets  access  to  a  slice  of  a  server  that 
allows  it  to  meet  internal  [service-level  agree¬ 
ments].  If  you  can  transform  the  company  culture 
to  accept  shared  resources  and  lose  some  control 
and,  in  return,  get  better  utilization  and  lower  oper¬ 
ational  costs,  then  the  question  of  outsourcing 
becomes  a  lot  easier”  to  answer,  he  says. 

Once  IT  reaches  that  point,  it  should  have  a  good 
idea  of  what  a  specific  application  costs  to  deliver, 
in  terms  of  reliability  availability  and  performance. 
Then  it  can  structure  SLAs  appropriately  and  make 
an  informed  decision  about  whether  outsourcing 
makes  economic  sense. 

“If  you  can’t  measure  it,  you  can’t  outsource  it,” 
says  John  Pierce,  global  solutions  architect  for  out¬ 
sourcer  Patni  Computer  Systems.“The  first  question 
I  ask  when  people  are  considering  outsourcing  is, 
‘Do  you  have  a  chargeback  system?’  If  they  say  no,  1 
think  ‘Oh  boy  this  is  a  disaster  waiting  to  happen’ 
because  that  means  the  users  have  no  idea  what 
this  is  costing  them.  How  can  an  outsourcer  be  ex¬ 
pected  to  control  costs  when  IT  doesn’t  even  know 
what  they  are?” 

In  Pierce’s  experience,  that  means  a  company 
oftentimes  finds  itself  needing  to  commit  to  a  sue-  to 
nine-month  engagement  to  determine  costs,  serv¬ 
ice  levels  and  baselines  before  it  gets  to  the  out¬ 
sourcing  stage,  he  says.  Only  when  those  aspects  are 
understood  should  enterprises  lock  into  long-term 
outeourcing  contracts,  he  adds. 

A  good  starting  point 

The  best  starting  place  for  organizations  that  al¬ 
ready  view  IT  as  a  service  are  easily  measurable 
chunks  of  the  environment,  such  as  storage. 
“Storage  is  easier  to  transform  into  a  service  and 
therefore  it’s  easier  to  outsource  than  other  aspects 
of  your  infrastructure. There  are  complexities  —  an 
online  megabyte  is  different  from  an  offline  mega¬ 
byte  — -  but  they  are  nowhere  near  the  complexity 
required  for  a  server  to  deliver  a  specific  applica¬ 
tion.  Storage  does  not  require  application  updates 
and  operating  system  patches  and  so  on.” 

Starwood’s  Conophy  recommends  starting  with 
functions  such  as  help  desk,  operations  or  network 
management,  while  Kaiser  advises  carefully  consid¬ 
ering  the  complexities  of  each  chunk.  “We’ve 
looked  at  outsourcing  [human  resources],  for 
example,"Kaiser  says.  “In  our  case,  we  have  to  con¬ 
sider  that  we  are  a  public  sector  organization  that 
has  a  heavy  union  environment,  with  26  bargaining 
units  in  the  city.  And  that  means  there  are  certain 
HR  functions  and  requirements  that  may  not  be  as 
easily  outsourced  as  in  the  private  sector.  But  com¬ 
ponents  of  it  —  like  payroll  —  might  make  sense.” 


Staffing  issues 

Staffing  concerns  often  serve  as  an  impetus,  as 
was  the  case  for  Kaiser  in  his  decision  to  outsource 
the  city’s  infrastructure  to  Unitys.  Rather  than  hiring 
high-end,  expensive  expertise,  Kaiser  can  rely  on 
Unisys  to  leverage  its  larger  staff  and  resources.The 
result,  he  says,  is  better  service. 

Much  of  his  operations  staff  went  to  Unisys  in  the 
deal  —  a  decision  Kaiser  says  was  the  best  for  the 
city  and  the  strict  technologists.  “We’re  not  in  the 
technology  business  anymore,"  he  says.  “We  need 
people  who  are  focused  more  on  business  needs 
before  they  even  think  about  technology.  If  you 
want  to  be  in  the  technology  business,  go  to  a  tech¬ 
nology  company  Go  to  Unitys.” 

The  staff  now  is  smaller, yet  happier,  Kaiser  says.“In 
the  past,  we  made  a  process  faster  through  the 
application  of  technology  and  we  didn’t  look  at  the 
process  and  see  if  it  made  sense.  But  now,  we  focus 
on  making  those  business  processes  more  efficient. 
Plus,  the  staff  can  focus  more  on  how  the  networks 
and  infrastructure  can  best  serve  the  business 
process,  without  having  to  worry  about  handling 
support  tasks,”  he  adds. 

Breadth  of  expertise  is  definitely  a  reason  to  con¬ 
sider  an  outsourcer  when  moving  to  next-genera¬ 
tion  technologies,  Nemertes’  Antonopoulos  says. 
“You  need  very  broad  skills,  in  terms  of  maintaining 
a  highly  heterogeneous  environment  and  in  under¬ 


standing  the  technology’s  relationship  to  the  coii- 
text  of  IT  as  a  service,”  he  says.  “So  it’s  not  just  the 
technology,  but  how  it  affects  the  applications  that 
are  running  on  it,  and  what  the  dependencies  are 
between  that  and  the  servers,  and  the  network  and 
everything  else.” 

Most  organizations  don’t  have  the  resources  to 
attract,  maintain  and  manage  people  with  such 
diverse  skills,  he  says.“The  outsourcing  provider  has 
the  economies  of  scale  to  be  able  to  ensure  that  it’s 
not  going  to  hire  one  person  and  then  hardty  use 
him  because  it  has  one  Linux  serveif 

Chicken  or  the  egg? 

Whether  you  choose  to  outsource  or  not,  the  key 
is  to  start  migrating  to  next-generation  technolo¬ 
gies,  experts  say 

“TTie  transition  from  a  current  state  to  the  next- 
generation  data  center  environment  is  one  that 
we’ve  seen  overwhelming  evidence  pays  for  itself,” 
Antonopoulos  says. “So  server  and  storage  aggrega¬ 
tion,  consolidation  and  virtualization  bring  benefits 
immediately  that  will  offeet  their  costs.  The  upshot 
is  that  there’s  a  very  good  ROI  model  for  moving  in 
that  direction  anyway  —  whether  you  decide  to 
outsource  or  do  it  intemalty* 

Cummings  is  a  freelance  writer  in  North  Andover, 
Mass.  She  can  be  reached  at  Jocummings@com 
cast.net. 


YOUR  COMPANY’S  FIREWALL 


Introducing  DuPonf“  certified  limited  combustible  cable.  In  the  event  of  a  fire,  securing  your 
business’  uptime  is  crucial.  The  data  communications  cable  you  choose  could  play  a  key  role  in  protecting 
your  network  technology  investment.  DuPont™  certified  cable  produces  20  times  less  smoke  than  other 
plenum  rated  cables.  And  less  smoke  means  less  costly  downtime,  making  it  the  most  advanced  fire 
safety  cable  technology  available  today.  To  learn  more  about  DuTonT^  certified  limited  combustible  cable 
or  to  request  a  free  CD,  log  on  to  teflon.com/cablingmaterials  or  call  i-8oo-20/-o/^6. 


The  miracles  of  science 


On^company  discusse^  na>(^^utxDmation  tools 
de^tops  the  respect  the 
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BY  BETH  S( 


hen  it.  comes  to  the 
automation  portion  of 
your  new  data  center 
strategy,  don’t  forget 
the  desktop. 
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So  says  Herb  Schmoll,  manager  of  end-user  services  at  Jarden 
Consumer  Solutions,  the  Boca  Raton,  Fla.,  company  formerly  known 
as  Sunbeam  Products.  As  much  as  automation  is  changing  network 
and  sarver  operations,  it  is  affecting  desktop  management,  he  says. 
So  great  are  the  implications  that  companies  need  a  “desktop  archi¬ 
tect”  on  staff,  he  believes. 

At  Jarden  CS,  for  example,  a  desktop  architect  has  helped  craft 
automated  patch  man2^ement  processes  and  has  investigated  the 
use  of  application  virtualizatioa  The  primary  tool  at  the  desktop 
disposal  —  the  Altiris  Client  Management  Suite 
(CRi^  — is  a  class  of  tool  that  differs  from  the  typicsJ  help 
desk  usually  associated  with  desldop  manage? 

ment.  Thii  sjwteras  management  suite  performs  functions 
such  as  softwam  distribution,  IT  asset  management,  remote 
control,  PC  backupind  configuration  management. 

“Tools  like  Altiris  hi;^  implications  [for  desktop 

support]  —  suddenly,  1  cai|  do  tbings  the  server  and  net¬ 
work  groups  have  long  been^le  to  do,  JTiat’s  an  order  of 
^la^tude  more  sophisticated  thap  ;ii^|^^^(nanagmnent 
|ias  wer  be^^^hmoU  says. 

^  He  offers'his  automats^'^natch  manage! 
an  example.  With  the  help  of  The  ®®®  1 
AJtiris  integrator,  Sclupoll’s  desktop 
^<^“package  server”  network  for  dlsfribut|r^^ 
and  Office  patches  to^21  Jmdep  CS 
world.  At  all-Wt  one  sitCdd^ktoppmQ^|j|^ 
local  packa^  server,  housing  pat^<^?^" 
an  Altiris  Notification  Server  located 
Item,  Only  in  BoCa  Raton,  which  sery^^| 

!lche  paclM^e  server  reside  on 
he^ays.  When  a  user  machln^ 
to  the  NotfficatiOn 
ap^cH, 

j^e  appropi^te 
I;  transpjnpntj 

hwd^  ambmadcel^,  afle! 

.  ..  ... 
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I  need  someone  wit:h  the 
oredentials,  the  intellect 
and  the  experience  who 
will  be  able  to  stand 
behind  decisions  affecting 
the  desktop. 

HERB  SCHMOLL 

manager  of  end-user  services,  Jarden  CS, 
speaking  of  the  need  for  a  desktop  architect 


niiinra 

1  III  ^^RuiulilBliHTi  1 

niiiiniiiniiiiiH'i 

Hlillilimiiillli 

From  au1:sourced  tea  in*house 

In  early  2002,  Herb  Schmoli,  who  was  managing  end-user  services  at  a  global 
financial  services  company,  got  a  call  from  a  former  boss  to  join  him  at  Sunbeam 
Products.  Much  to  his  coworkers'  amazement,  he  made  the  leap,  landing  at  a 
company  that  had  only  recently  declared  what  was  then  the  U.S.'s  all-time 
largest  bankruptcy. 

But  Schmoli  trusted  his  former  boss,  who  he  had  worked  for  not  once,  but 
twice  before,  and  liked  the  challenge  presented  to  him  —  to  insource  user  sup¬ 
port  in  two  months.  In  a  series  of  initiatives  to  reduce  costs  by  about  $3  mil¬ 
lion,  IT  decided  to  bring  user  support  services,  server  and  application  services 
and  WAN,  telecom  and  AS/400  operations  back  in-house.  For  years,  the  compa¬ 
ny  had  outsourced  those  to  Computer  Sciences  Corp.  (CSC). Though  the  CSC 
relationship  had  not  been  adversarial,  IT  did  expect  services  to  improve  after 
the  insourcing,  Schmoli  says. 

Hired  in  late  March  as  manager  of  end-user  services  for  Sunbeam  (now  Jarden 
Consumer  Solutions),  Schmoli  had  insourced  user-support  services  by  June  1. 

That  effort  entailed  hiring  and  training  his  team  (some  of  whom  he  picked  up  from 
CSC),  evaluating  and  adopting  the  best  of  CSC  practices  (such  as  a  centralized 
help  desk),  and  selecting  basic  technology,  such  as  an  enterprise-scale  incident¬ 
tracking  tool. 

Schmoli  characterizes  the  actual  cutover  from  outsourced  to  insourced  as  a 
"non-event"  for  employees.They  were  given  mousepads  with  a  new  supportfogo, 
but  that  was  about  the  only  change  they  would  have  noticed,  he  says.  "If  someone 
had  a  problem,  he'd  call  the  same  number  and  use  the  same  extension.  He  would¬ 
n't  know  that  behind  the  scenes  that  call  wasn't  going  to  the  CSC  help  desk  in 
Fort  Worth,  but  to  our  new  centralized  help  desk  in  Boca  Raton,"  he  says. 

The  decisions  Schmoli  made  regarding  the  service  desk  and  incident  manage¬ 
ment  were  in  line  with  the  Information  Technology  Infrastructure  Library  (ITIL) 
best-practices  road  map.  For  example,  for  the  service  desk,  he  built  an  SQL-based 
data  repository  that  let  him  track  and  analyze  problems  and  requests  —  and  pre¬ 
pared  the  way  for  implementing  additional  pieces  of  a  services  management 
framework,  including  problem  and  change  management,  both  of  which  were  under¬ 
taken  in  2003. 

Schmoil's  ITIL  work  continues,  as  he  works  on  release  management  best 
practices  this  year  and  plans  on  configuration  management  work  as  a  2006 
agenda  item. 

—  Beth  Schulti' 


Jarden 
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cost  desktops,  is  saving  Jarden  CS’s  desktop  team 
thousands  of  hours  of  manual  effort.  For  instance, 
Schmoli  recently  determined  that  over  the  course  of 
a  couple  of  months,  this  automated  process  resulted 
in  110,000  “touches”  of  user  machines.  Undertaken 
manually  at  10  minutes  per  update,  those  patch  up¬ 
dates  would  have  required  17,000  hours,  or  about 
2,000  working  da}^,  Schmoli  calculates.  Instead,  one 
technician  spent  about  120  hours  testing  the  patches 
and  read54ng  them  for  deployment. 

Likewise,  using  the  software  distribution  capability 
found  in  Altiris  CMS,  Schmoil’s  team  recently  in¬ 
stalled  Office  2003  on  300  employee  desktops  in  the 
course  of  about  an  hour.  Previously  that  effort  would 
have  meant  desktop  support  technicians  going  on¬ 
site  (or  asking  local  “super  users”  to  help  with  the 
installs)  and  spending  a  half-hour  per  user  machine, 
for  a  total  of  about  150  hours,  he  says. 

And,  a  recent  companywide  deplojonent  of  a  new 
version  of  KVS  Vault,  an  Outlook  add-on  for  e-mail 
management,  took  all  of  15  minutes.  Previously,  load¬ 
ing  the  new  software  on  1,400  user  machines  would 
have  tciken  Schmoil’s  team  about  224  hours,  at  10 
minutes  per  machine,  he  says. 

Schmoli  gives  kudos  to  senior  manaigement  at 
Jarden  CS  for  the  open-mindedness  regarding  the 
desktop  group  and  the  tools  allowed.  “The  $200,000 
investment  we’ve  made  in  Altiris  is  not  uncommon 
for  a  network  operations  or  server  engineering  team. 
But  it’s  an  outrageously  large  amount  of  money  to 
give  to  people  who  usualfy  put  Office  on  desktops. 
That  it  would  be  open  to  discussion  is  what  makes 
Jarden  CS  management  out  of  the  ordinarj^’he  says. 

Access  to  sophisticated  systems  management 
tools  makes  having  a  desktop  architect  all  the 
more  important,  notes  Schmoli,  who  has  been  ad¬ 
vocating  a  desktop  architecture  position  for  years. 
His  interest  in  the  idea  arose  after  he  felt  belittled 
during  a  meeting  with  a  “mainframe  guy”  over  com¬ 
puting  power.  Schmoli  prepared  for  the  next  meet¬ 
ing  by  tallying  up  the  RAM,  processing,  storage  and 
so  forth  of  the  desktop  machines  under  his  pur¬ 
view.  He  showed  that  the  company’s  desktop 
capacity  was  four  times  greater  than  that  available 
with  the  mainframe.  “If  I  have  a  ‘computer’  that’s 
that  powerful,  running  1,700  or  so  applications,  I 
think  1  need  an  architect  for  it,"  he  says. 

Within  his  current  organization,  the  desktop  archi¬ 
tect  is  responsible  for  determining  what  employee 
.machines  look  like — what  versions  of  the  operating 
.-ystem  and  applications  are  right  for  each  computer, 
what  policies  and  procedures  to  implement, 
wliether  a  user  gets  access  as  a  guest,  a  power  user 
or  as  an  administrator,  for  example.  Most  companies 
don’t  empower  one  person  to  make  all  these  deci¬ 
sions,  Schmoli  says.  But  with  new-data-center-style 
automation,  such  a  move  certainly  makes  sense.  “1 
need  someone  with  the  credentials,  the  intellect  and 


the  experience  who  will  be  able  to  stand  behind 
decisions  affecting  the  desktop,”  he  explains. 

As  an  example,  Schmoli  tells  of  a  recent  incident 
that  involved  the  netwoik  group’s  rollout  of  a  VPN 
client  with  personal  firewall.The  personal  firewall  dis¬ 
abled  remote  control  software,  a  critical  tool  his  team 
uses  to  support  users.The  desktop  architect  was  able 
to  convince  the  network  operations  manager  that  the 
user  support  group’s  access  to  the  remote  control 
tool  overrode  the  additional,  but  not  critical,  protec¬ 
tion  provided  by  the  personal  firewall.  The  network 
group  uninstalled  the  personal  firewall  until  both 
teams  could  agree  on  a  product  that  met  all  needs. 
(Schmoli  favors  the  personal  firewall  in  XP). 

Apps  on  tap 

With  a  desktop  architect  acting  as  his  technology 
specialist,  Schmoli  is  free  to  be  the  team’s  visionary 
And  the  next  likely  move  he  sees  is  application  vir¬ 


tualization.  Schmoli  sees  this  new  data  center  tech¬ 
nology  as  a  way  of  streamlining  the  software  distri¬ 
bution  proce^.  Altiris  makes  application  virtualiza¬ 
tion  available  in  its  Protect  tool,  which  uses  a  spe¬ 
cialized  File  System  Layer  technology  that  keeps 
track  of  an  application’s  file  ^em  and  registry  foot¬ 
print.  Each  File  System  Layer  can  contain  an  entire 
application  or  other  collections  of  files  and  data. 
These  software  layers  can  be  deleted,  archived, 
migrated  to  other  machines  and  restored  with  user 
preferences  and  data,  all  without  touching  the  un- 
derfying  Windows  installatioii,  according  to  Altiris. 

implication  virtualization  will  speed  the  time  need¬ 
ed  to  individualize  d^ktop  machines,  Schmoli  says. 
And,  application  virtualization  would  make  granting 
temporary  application  acc^  much  easier,  he  adds. 

As  Jarden  CS’s  experience  illustrates,  network  exec¬ 
utives  are  wise  to  remember  that  the  desktop  is  also 
the  computer.  ■ 


The  best  view  in  the  city,  the  countn/,  the  world. 

At  one  time,  DHL  had  a  data  center  in  every  country  in  which 
it  operated.  The  result  was  a  massive  collection  of  small  IT 
networks '-without  a  mission  control.  With  the  help  of  HP 
Services  ond  HP  OpenView  software,  hundreds  of  data  centers 
became  three.  By  consolidating,  DHL  is  now  better  able  to  share 
information,  implement  IT  changes  globally  and  “see”  their 
entire  network  from  a  single  point  of  control.  Now,  change  never 
goes  unnoticed.  For  more  on  HP’s  Consolidation  Solutions,  visit 
hp,corn/info/consolidation 
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Research  analyst  Andreas 
Antonopoulos  identifies 
best-of-breed  tools  for  the 
next-generation  data  center. 

BY  ANDREAS  ANTONOPOULOS 

y  now  we’re  all  well  versed  on  the 
attributes  of  the  “new  data  centerf 
characterized  by  service-oriented 
applications  running  over  a  virtual¬ 
ized  serviceoriented  infrastructure. 
This  next-generation  data  center  brings  the  benefits  of  agili¬ 
ty  lower  operational  costs,  better  utilization  and  rapid  appli¬ 
cation  deployment. 

Architecturally,  a  next-generation  data  center  relies  on  commoditized  pools 
of  resources  that  can  be  combined  to  support  a  variety  of  applications.  This 
architecture  applies  to  the  four  critical  pillars  of  data  center  infrastructure: 
management,  storage,  computing  and  networking.  But  how  can  organizations 
transform  their  data  centers  to  the  next-generation  model?  The  trick  lies  in 
translating  this  vision  into  a  series  of  discrete,  incremental  steps  —  a  road 
map,  in  other  words.The  road  map  comprises  four  major  steps:  consolidation, 
standardization,  virtualization  and  utility. 

With  consolidation,  multiple  devices  are  consolidated  into  a  single  location. 
While  standardization  ensures  that  devices  have  consistent  interfaces  and 
protocols.  Virtucilization  abstracts  the  physical  infrastructure  creating  one  or 
more  virtual  Gogical)  instances  running  on  a  single  physical  resource.  For 
example,  one  physical  server  might  be  virtualized  to  appear  as  eight  virtual 
servers,  perhaps  running  different  operating  systems.  And  utility  describes  an 
infrastructure  that  appears  as  a  service  for  purchase  on  demand,  similar  to  a 
utility  such  as  water,  electricity  or  phone  service. 

These  four  steps  apply  across  each  of  the  critical  infrastructure  pillars.  An  IT 
organization  can  start  with  whichever  pillar  makes  the  most  sense  for  it  —  or 
even  all  at  once.The  best  part  is  that  even  an  incremental  step  in  one  area  can 
deliver  tangible  benefits. 

After  extensive  research  on  the  new  data  center,  Nemertes  Research  has  iden¬ 
tified  some  of  the  most  interesting  products  that“move  the  needle” in  innovation. 
For  each  category  we  looked  at  approximately  30  products  —  120  in  all  —  and 
selec.ted  tho^ie  that  best  demonstrate  customer-driven  design  that  responds  to  the 
needs  of  fl’  executives  implementing  the  new  data  center.  Each  highlighted  prod¬ 
uct  adds  a  key  innovation  or  implements  a  novel  approach  to  data  center  design. 
(Product  descriptions  and  features  are  derived  from  vendor  documentation. 
Nemertes  has  not  tested  the  products  highlighted  in  this  story) 


DAN  PAGE 

Pillar  1:  Management 

Management  has  become  an  increasingly  difficult  data  center  discipline,  pri¬ 
marily  because  real-time  management  and  provisioning  has  replaced  infra¬ 
structure  design  as  the  means  for  delivering  application  performance. 

Specifically  in  the  old  data  center  model,  every  application  would  have  a  set  of 
dedicated  servers,  an  infrastructure  designed  to  the  required  tolerances  for  the 
delivery  of  the  application.  In  the  new  data  center  model,  the  infrastructure  acts 
as  a  blank  slate:  Commoditized  servers  are  loaded  with  operating  system  images 

See  Tools,  page  79 
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Introducing  the  next 
generation  of  KVM 

The  Dominion  KX101 
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All  the  power  of  our  Dominion®  KX  packed  into  a  smaller,  incredibly  versatile  form  factor. 


•  Deploy  them  by  the  hundreds,  even  in  dispersed  locations. 

•  Manage  them  all  centrally  through  a  single  IP  address. 

•  Get  to  them  all  without  the  access  limitations  of  a  KVM  switch. 

Visit  us  online  to  learn  more  about  switchless  KVM  and  the  future  of  infrastructure  management. 


www.KXbutt.com 


^Raritan. 

When  you're  ready  to  take  control.™ 
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powered  bycisco. 

Passwords,  purchase  orders,  e-mails. 

All  flying  through  thin  air,  now  protected  through  thin  air. 
Cisco  self-managing  WLANs  let  you  give  freedom  to  users 
without  giving  up  control.  So  collaboration  happens 
from  conference  room  to  company  canteen. 

And  private  business  never  becomes  public  domain. 
For  more  on  Cisco  WLANs,  go  to 
cisco.com/poweredby. 


w 

f 

Ths  New  Oafta  Canter  October  84, 

An  Editoriel 
Supplement 


■7S 


Tools, 

continued  from  page  76 

zmd  applications  and  provisioned  in  real  time.  Management 
tools  now  are  the  key  to  provisioning  tailored  infrastructures 
(composites  of  servers,  storage,  networking  2md  security)  in 
real  time  and  in  response  to  demand  fluctuations.  This  new 
model  is  far  more  efficient  in  terms  of  utilization  and  can  cre¬ 
ate  cost  savings  by  postponing  purchases  of  servers  and  disks. 
But  it  dramatically  increases  the  demands  on  management 
systems.  An  effective  management  solution  must  be  able  to 
translate  application  requirements  into  a  set  of  configuration 
directives  that  can  be  applied  during  provisioning  of  re¬ 
sources.  It  also  must  be  able  to  monitor  the  individual  ele¬ 
ments,  such  as  servers  and  disks,  aind  be  able  to  relate  an 
equipment  failure  to  the  business  processes  that  are  supr- 
ported  by  that  resource. 

Featured  took:  IBM  Tivoli  Provkioning  Manager 
and  Intelligent  Orchestrator 

IBM  Tivoli  Provisioning  Manager,  through  IT  service  man¬ 
agement  automation  packages,  automates  the  manual  provi¬ 
sioning  and  deployment  process.  Pre4>uilt  automation  pack¬ 
ages  provide  control  and  configuration,  as  well  as  allocation 
emd  reallocation,  of  major  vendors’  products,  while  user-cus¬ 
tomized  workflows  allow  for  implementation  of  a  company’s 
best  practices  and  procedures.  Provisioning  Manager  reduces 
the  need  for  just-in-case  provisioning  eind  helps  automate  on- 
demand  provisioning  and  configuration  across  am  applica¬ 
tion  environment  —  servers,  operating  systems,  middlewaire, 
applications,  storage  and  network  devices. 

The  results  are  powerful:  streamlined  IT  ^^ems  manage¬ 
ment,  improved  human  and  technology  resource  productiv¬ 
ity,  higher  systems  availability  and  fewer  unnecessairy  infra¬ 
structure  purchases. 

The  Intelligent  Orchestrator  tool  extends  the  provisioning 
functionality,  allowing  automation  and  orchestration  of  FT 
resources  on  demand  based  on  business  priorities. 

Intelligent  orchestration  can  help  an  IT  manager  get  better 
utilization  out  of  existing  resources,  minimize  implementa¬ 
tion  time  amd  improve  responsiveness.  The  tool  monitors  the 
servers,  middleware  and  applications  under  its  controksenses 
degrading  performance  and  determines  an  action  plan.  It 
can  determine  where  (for  which  application)  a  resource  is 
needed  and  instruct  the  Provisioning  Manager  to  deploy  a 
server  automatical^  install  the  necessary  software  and  con¬ 
figure  the  network.  Using  capacity  management  capabilities. 
Intelligent  Orchestrator  can  predict  resource  availability  or 
need  and  begin  the  provisioning  process,  on  demand,  to  help 
match  rr  resources  with  fluctuating  workloads. 

Runner-up:  HP  Open\^ew  Management  Suite  for 
Servers 

HP  OpenVlew  Manaigement  Suite  for  Servers,  using 
Radia,  is  policy-baised  change  and  configuration  manage¬ 
ment  software  that  lets  administrators  inventory,  provision 
and  maintain  software  and  content  across  heterogeneous 
server  platforms. 

Runner-up:  l^adeLoglc  Operations  Manager 

BladeLc^ic  Operations  Manager  addresses  the  full  lifectyde 
of  server  management,  ch2mge  control,  administration  and 
compliance  for  a  heterc^eneous  infrastructure. 
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in  each  of  four  categories,  Nemertes 
Research  iooked  at  approximateiy  30 
products,  or  120  in  aii,  to  come  up  with 
this  iist  of  heipfui  toois  for  the  new  data 
center.  Here's  a  quick  iook: 

Man^ment 

Featured  toois;  IBM  Tivoli  Provisioning 
Manager  and  Intelligent  Orchestrator. 
Runners-up:  HP  OpenView  Management 
Suite  for  Servers;  BladeLogic  Operations 
Manager. 

Storage 

Featured  toois:  Cisco  MDS  with  IBM 
TotalStorage  SAN  Volume  Controller  soft¬ 
ware.  Runner-up:  NetApp  V-Series 

Computing 

Riatured  toois:  VM ware's  ESX  Server, 
VirtualCenter  and  VMotion.  Runner-up: 
Egenera  BladeFrame 

Networking 

Featured  tool;  Juniper  DX  Application 
Acceleration  (formerly  from  Redline 
Networks).  Runner-up;  Cisco  ONS  Data- 
Center  interconnect 


Pillar  2:  Storage 

Data  is  the  focus  of  any  data  center,  and  data  storage,  man¬ 
agement  and  retrieval  are  critical  disciplines.  Data  center  stor¬ 
age  encompasses“Iive’’data,^^ich  is  frequently  accessed  emd 
processed,  and  wuious  shades  of  “near-five”  data,  which  is 
stored  on  slower  media  or  offline  zirchivzd  media.  Key  tech- 
nolc^es  2U'e  storagearea  netwoik  (SAN),  network-attached 
storage  (NAS),  virtual  SAN  (VSAN)  and  Fibre  Gicmnel. 

IT  executives  have  had  the  most  success  using  SANs  to 
implement  consolidation  and  virtualization.  The  success  in 
storage  consolidation  and  virtucilization  Ccm  provide  broader 
insights  into  the  power  of  the  next-generation  model. 

Featured  tool:  Cisco  MDS  with  IBM  TotalStorage  SAN 
Volume  Controller  software 

The  Cisco  MDS  9000  famity  is  an  open  platform  for  network- 
hosted  storage  applications.  Cisco  MDS  9000  multilayer  direc¬ 
tors  amd  switches  with  IBM  TotailStorage  SAN  \folume  Con¬ 
troller  softwaire  provide  the  ability  to  virtuadize  storage  secure- 
tyamywhere  in  the  storage  network. 

Cisco  MDS  9000  Rbre  Channel  directors  aind  switches 
house  the  Cisco  Caching  Services  Module  (CSM).Each  CSM 
performs  the  storage  virtualization  functions  of  IBM  Total- 
Storage  SAN  Volume  Controller. 

Higher  security  and  greater  stability  can  be  achieved  in 
Fibre  Channel  fabrics  by  using  YSANs-TTiey  provide  isolation 
among  devices  that  are  pltysically  connected  to  the  same 
fabric.  With  VSANs,  multiple  logical  SANs  can  be  created 
over  a  common  physical  infrastructure,  offering  the  follow- 
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ing  advantages; 

•  Security  —  Isolation  of  fabric  services  keeps  traf¬ 
fic  within  a  single  VSAN. 

•  Scalability  —  Ability  to  add  or  move  individual 
ports  to  a  VSAN,  taking  advantage  of  the  physical 
infrastructure. 

•  Role-based  access  —  Role-based  permissions  for 
switch  configuration  or  administration  are  assigned 
to  users  on  a  pe^VSAN  basis. 

•  Host  VSANs  and  disk  VSANs  —  Disks  that  are  put 
into  a  pool  to  be  virtualized  are  contained  in  their 
own  VSANs.  Similai^  multiple  VSANs  can  be  created 
for  managing  tiered  storage.  The  virtualized  logical 
unit  numbers  are  exposed  to  the  hosts  in  host 
VSANs.  This  limits  the  scope  for  potential  configu¬ 
ration  errors  wdien  adding  hosts  or  storage  to  an 
environment. 

Runner-up:  NetApp  V-Series 

The  network-based  Net^p  VSeries  family  virtual¬ 
izes  tiered,  heterogeneous  storage  arrays,  allowing 
companies  to  leverage  the  dynamic  virtualization 
caqpabilities  across  existing  Fibre  Channel  SANs. 


Pillar  3:  Computing 

Computing  is  obviousfy  the  core  data  center  disci¬ 
pline.  This  can  be  seen  in  the  way  data  centers  are 
often  depicted  in  architecture  diagrams:  servers  are 
prominent  and  other  resources  such  as  storage,  net¬ 
working  and  management  are  drawn  as  back- 
ground.The  servei^entric  view  of  the  data  center  is 
changing  to  a  service-centric  view.  In  the  new  data 
center  model,  computing  resources  (servers)  are  not 
dedicated  to  a  single  application.  Instead,  piools  of 
commoditized  servers  or  blade  servers  are  sliced  up 
and  provisioned  dynamically  Instead  of  designing  a 
tailored  infrastructure  for  each  application,  the  infra¬ 
structure  is  created  on  the  fly  as  a  compiosite  of  dif¬ 
ferent  resources. 

Virtualization  has  two  faces.  Partitioning  is  where 
single  servers  are  sliced  into  multiple  virtual  servers 
running  different  applications  or  even  different  oper¬ 
ating  ^ems.Thus,  a  single  physical  server  can  be 
fully  utilized  even  though  each  application  onfy  re¬ 
quires  a  small  slice  of  capacity.  Clustering  is  the 
opposite  face  of  virtualization,  in  which  several 
servers  are  combined  to  deliver  a  powerful  virtual 


computer  for  highperformance  computing  applica¬ 
tions.  The  greatest  benefit  of  this  server  virtualization 
is  the  ability  to  reuse  resources  for  different  purposes 
and  to  maximize  the  utilization  of  each  resource, 
thereby  postponing  purchases  of  new  servers. 

Featured  tools:  VMware*s  ESX  Server, 
^rtualCenter  and  VMotion 

VMware  ESX  Server  transforms  physical  systems 
into  a  pool  of  logical  computing  resources.  Oper¬ 
ating  ^^ems  and  applications  are  isolated  in  multi¬ 
ple  virtual  machines  that  reside  on  a  single  physical 
server.  System  resources  are  dynamicalty  allocated 
to  virtual  machines  based  on  need  and  administra- 
torset  guarantees,  providing  mainframe-class  capac¬ 
ity  utilization  and  control  of  server  resources. 
Advanced  resource  management  controls  allow  IT 
administrators  to  guarantee  service  levels  across  the 
enterprise 

Centralized  management  of  VMware  servers 
comes  with  VirtualCenterThis  virtual  infrastructure 
management  software  provides  a  central  point  of 
control  for  computing  resources,  it  allows  users  to 

See  Tools,  page  82 
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instantly  provision  servers,  globally 
manage  resources  and  eliminate 
scheduled  downtime  for  hardware 
maintenance. 

With  VirtualCenter,  IT  organizations 
can  benefit  from  server  consolidation, 
the  ability  to  allocate  resources  based 
on  business  demand  and  better  disas¬ 
ter  recovery,  with  the  opportunity  to 
simplify  deployment  of  critical  sys¬ 
tems  and  applications  to  recovery  sites 
and  generate  alerts  in  case  of  service 
interruptions. 

VMotion,  the  third  VMware  technol¬ 
ogy,  enables  intelligent  woridoad  man¬ 
agement  so  changes  can  be  made 
dynamically  without  affecting  users. 
VirtualCenter-managed  ESX  Server 
nodes  with  VMotion  let  IT  executives 
respond  to  a  variety  of  data  center 
needs.  For  example,  they  can  migrate  a 


running  virtual  machine  to  a  different 
physical  server  connected  to  the  same 
SAN  without  service  interruption  or 
perform  zero-downtime  maintenance 
by  moving  virtual  machines  around  so 
the  underlying  hardware  and  storage 
can  be  serviced  without  disrupting 
user  sessions. 

Runner-up:  Egenera 
BladeFVame 

The  Egenera  BladeFVame  combines 
the  utility  of  stateless  servers  with  soft¬ 
ware  that  virtualizes  processing,  stor¬ 
age  and  networking  resources  into  a 
“computing  fabric."  Companies  can 
provision  systems  and  allocate  re¬ 
sources  to  optimize  mission-critical 
applications  in  real  time. 

Pillar  4;  Networking 

Data  center  networking  encom¬ 
passes  a  much  broader  range  of  tech¬ 
nologies  than  those  found  in  campus- 
area  networks  or  WANs,  such  as: 
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•  Server-tchserver  high-performance 
interconnect  networks.  These  can  be 
based  on  InfiniBand  or  Gigabit  Ether¬ 
net  and  provide  for  high-speed  and 
low-latency  interconnect  between 
servers.  This  type  of  interconnect  is 
most  often  used  in  high-performance 
computing  environments  containing 
clusters  of  commoditized  servers  act¬ 
ing  as  one  large  supercomputer. 

•  Server-to-storage  networks.  This 
includes  Fibre  Channel  and  iSCSI 
SANs,  as  well  as  NAS. 

•  Data  center-to<lata  center  inter¬ 
connects  for  replication  of  data  be¬ 
tween  data  centers.To  maintain  high 
availability,  many  companies  deploy  a 
secondary  data  center.  The  primary 
and  secondary  data  centers  are  con¬ 
nected  using  SONET  or  DWDM 
routers,  which  aggregate  different  net¬ 
work  services  on  a  single  multi-giga¬ 
bit  optical  link. 

•  Data  center-to-enterprise  WAN 
and  LAN  networking.  This  final  cate¬ 
gory  includes  acceleration  products 
and  Wide-Area  File  System  (WAFS) 
products  that  provide  data  center 
services  to  the  rest  of  the  enterprise 
WAN  and  LANs. 

Featured  product:  Juniper  DX 
Application  Acceleration  (for¬ 
merly  from  Redllne  Networiui) 

Juniper’s  DX  application  accelera¬ 
tion  platforms  offload  core  networking 
and  I/O  responsibilities  from  Web  and 
application  servers  to  increase  the  per¬ 
formance  of  Web  applications  without 
adding  server  capacity  They  also  sim¬ 
plify  and  improve  data  center  archi¬ 
tectures  by  obviating  numerous  fxjint 
products. 

With  Juniper  DX  application 
acceleration  platforms,  time  to  ac¬ 
cess  business-critical  applications  is 
typically  cut  in  half,  which  can 
mean  a  dramatic  boost  in  applica¬ 
tion  usability  and  acceptance  — 
especially  for  remote  and  branch 
office  users. 

The  DX  platforms  optimize  and 
compress  all  outgoing  Web  data  in 
real  time  without  adding  latency 

Content  fidelity  is  maintained, 
bandwidth  use  is  dramatically 
reduced  and  users  experience  faster 
page  loads  regardless  of  their  loca¬ 
tion  or  networic  connection.  The  DX 
platforms  also  increase  the  capacity 
of  applications  by  serving  as  a  trans¬ 
action  broker,  managing  all  connec¬ 


tions  and  requests  between  servers 
and  users.  The  DX  platforms  maxi¬ 
mize  available  server  and  network 
resources,  freeing  server  CPU  for 
other  tasks  and  yielding  up  to  a  ten¬ 
fold  increase  in  server/application 
capacity. 

The  DX  application  acceleration 
platforms  also  feature  integrated  secu¬ 
rity  functionality  such  as  an  internal 
firewall  functionality  and  support  for 
one-way  or  end-toend  SSL 

Runner-up:  Cisco  ONS  Data- 
Center  interconnect 

The  Cisco  ONS  15500  Series  is 
designed  for  carrying  mission-critical 
storage  and  data  applications  over  a 
highly  available  metro  optical  DWDM 
networic.This  is  suitable  for  metro  data 
mirroring  between  a  primary  and  sec¬ 
ondary  data  center.  The  ONS  15400 
series  is  suitable  for  greater  distances 
>and  data  center  interconnect  to  a  dis¬ 
aster-recovery  site  over  SONET/SDH. 

Beyond  the  four  pillars 

These  four  disciplines  are  the  pillars 
of  the  data  center.  But  they’re  not  the 
only  components  about  which  archi¬ 
tects  should  be  concerned.  Security 
cuts  across  all  of  the  core  disciplines 
and  affects  many  aspects  of  data  cen¬ 
ter  design  and  operations.  Security  en¬ 
compasses  three  primary  data-centric 
goals: 

•  Confidentiality — Authorized  par¬ 
ties  can  only  access  ensuring  data. 

•  Integrity  —  Authorized  parties 
can  only  modify  ensuring  data. 

•  Availability  —  Ensuring  data  and 
applications  are  not  disrupted  (inten- 
tionalfy  or  unintentionally). 

Furthermore,  all  of.  the  above  disci¬ 
plines  bring  the  parallel  transforma¬ 
tional  trends  of  consolidation,  stan¬ 
dardization,  virtualization  and  utility 

Clearly,  data  centers  encompass 
many  different  technologies.  Each 
company  may  rank  the  various  disci¬ 
plines  differently  representing  differ¬ 
ent  oi^anizational  cultures  and  busi¬ 
ness  goals.  The  core  disciplines  and 
asociated  trends,  however,  provide  a 
coherent  framework  for  discussing 
data  centers. 

Antonopoulos  is  senior  vice  presi¬ 
dent,  founding  partner  of  Nemertes 
Research,  and  writes  Network  World’s 
New  Data  Center  newsletter.  He  can  be 
reached  atandreas@nemertes.com. 
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StarwocKd  CTO  Tom  Conophy  explains  his 
outsourcing  strategy. 


BY  JOANNE  CUMMINGS 

Starwood  Hotels  and  Resorts,  the  White  Plains,  N.Y,  hotelier,  is  in  the 
midst  of  migrating  from  a  mainframe  infrastructure  to  a  next-generation 
computing  environment  built  on  Unix  and  Linux  servers.  By  August,  the  company 
will  be  using  its  new  infrastructure  to  support  more  than  150  Java  2  Platform  Enter¬ 
prise  Edition-based  Web  services  for  use  by  its  733  Sheraton,  Westin,W  and  other 
brand  hotel  properties  worldwide.  CTO  Tom  Conophy  expects  that  its  next-gener¬ 
ation  infrastructure  will  save  Starwood  more  than  $20  million  a  year  —  in  part  through  the 
savvy  judicious  use  of  outsourcing  —  while  making  the  company  more  competitive  and  bet¬ 
ter  at  serving  customers.  Conophy  discussed  his  outsourcing  strategy  in  a  recent  interview. 


For  the  move  to  this  next-generation  environment  you  kept  con¬ 
trol  of  application  development  while  outsourcing  almost  every¬ 
thing  else.  How  did  you  make  that  decision? 

We  know  the  costs  of  maintaining,  engineering  and  supporting  the  networic 
hemJware.  Ws  outsourced  [the  infrastructure  pnartion]  because  it’s  closer  to  a 
commodity  and  it’s  easier  to  make  sure  we  have  comjjetitive  pricing  and  so 
on.  What  we’ve  kept  in-^iouse  are  the  reservation  and  loyalty  system  applica¬ 
tions  and  the  development  of  those  because  they  are  more  critical  to  the  busi- 
ness.This  is  where  the  unknown  areas  are  in  terms  of  complexity,  features  and 
new  functions.  If  you  have  a  mature  application  base  and  you’re  just  into 
maintenance,  or  if  you’re  in  an  industry  that’s  not  going  through  chzmge,then 
outsourcing  may  well  be  the  mcKt  cost-effective  way  to  do  it  But  where  we  see 
the  bi^est  savings  from  a  pure  [total  cost  of  ownership]  perspective  is  in  the 
cost  of  the  heufdware  and  the  maintenance  on  that  hardware,  the  software 
licensing  and  the  managed  services  side.  We  built  the  business  case  around 
those  three  items,  and  saw  that  we  could  save  potentially  up  to  $20  mUlion  a 
year  in  this  new  platform,  relative  to  what  we  started  with. 

So  the  outsourcing  decision  is  about  controlling  what's  core  to 
your  business  while  offloading  what  you  can  get  more  cost- 
effectively  elsewhere? 

Correct.  Could  you  operate  your  own  data  center  efficiently  and  in  a  cost 
structure  that  might  be  better  than  these  large  managed  services  compa- 
ni(5s?  Odds  are,  yes.  But  with  skills  and  resource  constraints,  can  jrau  achieve 
that  in  a  midsize  company  like  we  are?  If  I  was  Bank  of  America,  maybe  I’d 
mn  my  own  data  center  because  I’d  get  synergy  by  the  size  of  my  operation. 
But  for  .Starwood,  it  comes  down  to  whether  we  want  to  take  on  that  burden. 
A  welJ-run  organization  might  be  able  to  get  the  cost-efficiencies,  but  it’s  one 
of  those  tlungs  where  the  cost  differential  just  isn’t  that  much,  so  you  might 
as  well  outsource. 


After  whittling  down  your  outsourcer  choices  to  IBM  and  HP, 
you  picked  HP.  Why? 

We  selected  HP  primarily  because  of  its  overall  flexibility.  We  knew  that  our 
business  was  going  to  change  over  time,  and  we  wanted  to  make  sure  that 
we  were  not  locked  into  a  restrictive  managed  services  contract  where  we’d 
be  paying  penalties  because  of  system  growth. 

Also,  we  wanted  to  have  IBM  or  HP  augment  our  staff  to  co-develop  and 
build  out  this  reservation  system,  and  IBM  was  less  flexible  about  the  own¬ 
ership  of  intellectual  property.  Starwood  was  not  going  to  give  up  the  intel¬ 
lectual  property,  and  HP  did  not  have  issues  with  that. 

Did  support  of  new  data  center  technologies,  such  as  virtual¬ 
ization  and  utility  computing,  factor  into  your  decision? 

It’s  a  factor,  but  more  as  a  future.  We  own  our  hardware,  but  if  we  were  in 
some  kind  of  a  leased  model  where  we  rent  CPUs  for  our  high  season,  it 
might  make  sense.  But  right  now,  with  the  cost  of  hardware  being  what  it  is, 
and  the  computing  power  of  the  current  chipsets,  it’s  just  not  a  challenge.  If 
I  need  to  add  more  capacity  for  my  shopping  engine,  I  throw  a  few  more 
Unux  processors  at  it. 

And  your  IT  staff  is  OK  with  the  infrastructure  outsourcing 
strategy? 

[Yes,  because]  the  internal  staff  is  part  of  the  core  team,  which  we’ve  aug¬ 
mented  with  HP  resources.  Now  when  we  finish  this  big  development  push, 
the  HP  staff  can  go.  But  my  core  staff  will  remain  to  face  any  new  challenges, 
and  they  won’t  be  burdened  by  the  more  mundane  [hardware]  mainte¬ 
nance-type  work. 

Cummings  is  a  freelance  writer  in  North  Andover,  Mass.  She  can  be  reached 
at  jocummings@comcast.net. 
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Ranking  Toolbox  software  to  get  your  site  listed 
on  search  engines  like  Yahoo!  and  Google. 

✓  E-mail  account  with  1  GB  space 

Your  included  e-mail  account  lets  you  send 
and  receive  professional-looking  e-mail  using 
your  domain  name  as  the  address. 

%/  DNS  Management 

✓  200  e-mail  aliases 

Domain  forwarding  .  . . 

•/  Domain  locking 

Domain  masking  -- f 

%/  24/7  Support 


THE  ORIGINAL  HOME  OF 
LOW-COST  DOMAINS! 

While  other  hosts  may  change  their 
pricing  in  response  to  the  industry, 

1&1  will  always  offer  feature-packed 
domains  at  consistently  low  prices. 


NO  HIDDEN  COSTS, 

NO  GIMMICKS! 

I&l's  no-nonsense  pricing  comes 
without  conditions.  Register  unlimited 
domains  at  the  same  low  cost  -  and 
with  nothing  additional  to  buy! 


1AND1.COM 


Member  of 


united 


j-^nteiyiiefc 


1.877.G01AND1 


1&1  DOMAINS -LOW 
PRICES,  NO  HIDDEN  COSTS 


REAL  SECURITY 


REAL  CROSS-PLATFORM  REAL  SUPPORT  OPTIONS 


Are  you  adrift  in  a  sea  of  remote  support  software 
options  -  but  with  none  that  meet  all  your  needs? 
NetOp  Remote  Control  is  different.  Unlike  the  bargain 
products  or  those  buried  in  other  applications  - 
NetOp  is  designed  specifically  to  meet  the  remote 
support  and  administration  needs  of  professional 
users  like  you.  NetOp  is  remarkably  flexible,  letting 
you  securely  access  users  running  virtually  any 
operating  system  and  connect  across  all  standard 
communication  protocols.  NetOp's  incredible  speed 
let's  you  quickly  fix  problems  on  distant  LANs,  over 
the  Internet,  or  even  over  slow  modem  connections. 
But  even  more  importantly,  you  can  do  all  this  in 
total  safety,  thanks  to  NetOp's  unparalleled  set  of 
security,  compliance  and  auditing  features.  Give 
your  organization  the  support  -  and  protection  -  it 
deserves.  NetOp  Remote  Control  -  Nothing 
comes  remotely  close. 

©  Copyright  2000-2005  Danware  Data  A/S.  All  rights  reserved.  NetOp  and  the  red 
kite  are  registered  trademarks  of  Danware  Data  A/S.  Other  brand  and  product 
names  are  trademarks  of  their  respective  holders. 


Centralized  user  rights, 
authentication  and 
authorization;  multiple 
passwords,  notification 
options  and  encryption 
levels;  advanced  logging, 
session  recording  and 
more.  Optional  Security, 
Name  and  Gateway  server 
modules. 


Access  any  Windows,  Linux 
or  Mac  OS  X  system  from 
your  Windows,  Linux  or 
Solaris  desktop,  a  web 
browser.  Pocket  PC 
handheld,  via  Terminal 
Services,  dial-up  modems 
or  even  launch  NetOp  from 
your  USB  Thumb  Drive  on 
a  temporary  PC. 


Download  an 
evaluation  copy  at 

www.RemoteControlSW.coin 


NtlOif  _ 

rmium  mi 
CoMrol 


& 
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Award-winning  remote 
control,  inventory,  remote 
management,  file  transfers, 
VoIP  &  text  chat,  scripting; 
tightly  integrates  with 
systems  management 
applications;  configure  & 
deploy  to  remote  users; 
session  recording  and 
playback,  and  much  more. 


Remote  Control 


0 13  ^ 


-^CrassTee 

CotporatwH 


Sales  and  Support:  800.675.0729 
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MMIMEHEIir  SIMIEGIES 

■  CAREER  DEVELOPMENT  ■  PROJECT  MANAGEMENT  S  BUSINESS  JUSTIFICATION 

Diversification  of  the  IT  department 

Businesses  strive  to  incorporate  minorities  into  the  workforce. 


BY  LINDA  LEUNG 

uring  the  holiday  season,  a  big  Christ- 
P  mas  tree  is  displayed  at  the  Prospect 
#  Heights,  111.,  headquarters  of  HSBC 
North  America.  But  the  tree  isn’t  the  only  sym¬ 
bol  of  celebration  featured  in  the  atrium  of  the 
financial  services  company’s  main  office;  a 
Hanukkah  candle  and  a  presentation  honor¬ 
ing  the  celebration  of  Kwanzaa  also  are  on 
view.  This  is  one  of  the  many  ways  that  HSBC 
reinforces  its  culturally  diverse  workforce, 
where  17.4%  of  managers  at  its  3,400-empioy- 
ee  IT  department  are  ethnic  minorities. 


It  appears  that  HSBC  is  bucking 
the  trend.  According  to  a  study  re¬ 
leased  in  June  by  the  Information 
Technology  Association  of  Amer¬ 
ica,  women  and  most  racial 
minorities  are  significantly  under 
represented  in  today’s  US.  IT  work¬ 
force.  The  percentage  of  women 
in  the  IT  workforce  has  declined 
by  18.5%  since  1996  to  32.4%  in 
2004.  (At  HSBC,  27%  of  IT  man¬ 
agement  are  female.) 

The  report  also  says  that  the  per¬ 
centage  of  African-Americans  in 
the  IT  workplace  has  declined  to 
8.3%  in  2004  from  9.1%  in  1996, 
while  the  percentage  of  Hispanics 
in  the  IT  workforce  rose  from  6.4% 
in  1996  to  12.9%  in  2004. 

Despite  these  figures,  HSBC  is 
one  of  many  companies  that  are 
actively  encouraging  a  diverse 
workforce.  “Major  banks  and  re¬ 
tailers  know  that  their  customer 
base  is  diverse  and  they  want 
their  workforce  to  look  like  their 
customers  and  to  be  able  to  relate 
to  them,”  says  Bev  Lieberman, 
president  at  IT  search  firm 


Halbrecht  Ueberman  Associates. 

This  is  being  played  out  at 
Scripps  Networks,  which  pro¬ 
duces  television  networks,  includ¬ 
ing  HGTy  Food  Network  and  DIY 
Network.  Under  an  initiative  for¬ 
malized  last  year,  5%  of  the  bonus 
of  senior  managers,  including  Ron 
Johnson,  Scripps  Networks  vice 
president  of  IT,  is  tied  to  their  suc¬ 
cess  in  hiring  and  attracting  viable 
job  candidates  who  are  ethnic 
minorities  and/or  are  women. 

Of  Scripps’  57  IT  employees,  25 
are  women  and  six  are  ethnic 
minorities.  Of  its  13  IT  workers  who 
are  managers,  five  are  female  and 
one  is  an  ethnic  minority  Johnson 
says  the  company  wants  to  im¬ 
prove  on  those  figures  as  positions 
open  up,  but  “it  has  been  a  chal¬ 
lenge  because  we  are  located  in 
Knoxville  [Tenn.] ;  more  so  than  if 
we  were  located  in  New  York  or 
Los  Angeles  where  there  is  a  natu¬ 
rally  broader  profile”  of  diverse 
potential  candidates. 

To  improve  its  potential  to 
attract  a  diverse  workforce. 


Scripps  hired  Lenore  Washington- 
Graham,  an  African-American 
woman,  as  vice  president  of  strate¬ 
gic  resourcing,  a  unit  of  human  re¬ 
sources  spearheading  the  divers¬ 
ity  drive.  She  flies  the  Scripps  flag 
at  conventions  aimed  at  His¬ 
panics  and  African-Americans 
with  a  master’s  of  business  ad¬ 
ministration  (MBA),  while  HR 
places  job  advertisements  on 
minority  Web  sites. 

“There  are  certain  types  of  IT 
jobs  where  it  is  easier  than  others 
to  hire  minorities,  such  as  in  desk¬ 
top  support  and  help  desk,  but  as 
you  go  up  the  skills  ladder,  it  gets 
more  difficult,”  Johnson  says. 

To  help  widen  the  candidate 
pool,  Scripps  will  relocate  minor¬ 
ity  candidates  for  below-director- 
level  jobs. 

Unlike  Scripps,  HSBC  does  not 
relocate  new  recruits,  and  so  at 
its  28  remote  IT  units  in  less  eth¬ 
nically  diverse  areas,  such  as  in 
Buffalo,  N.Y,  the  IT  teams  reflect 
their  surrounding  areas,  says  Mike 
Woodward,  vice  president  of  HR 
in  HSBC’s  IT  services  department. 
“But  we  do  proactive  things  like 
fund  the  HSBC  Chicago  chapter 
of  the  Black  Data  Processing  Asso¬ 
ciates,  and  employees  attend 
local  meetings,”  he  says.  HSBC  hir¬ 
ing  managers  also  are  actively 
involved  with  the  National  Black 
MBAAssociation,National  Society 
of  Hispanic  MBj^  and  Inroads,  a 
non-profit  that  trains  and  devel¬ 
ops  minority  youths. 

Hiring  more  women  in  the  IT 
team  is  a  top  priority  for  Linda 
Reed,  vice  president  and  CIO  at 
Atlantic  Health  System,  which 
operates  three  hospitals  in  New 
Jersey.  During  her  19  years  in 
healthcare,  Reed,  a  registered 
nurse,  moved  up  the  ranks  from 
the  hospital  bedside  to  the  CIO 
office. 

Since  joining  Atlantic  as  CIO  a 
year  ago,  Reed  has  been  encour¬ 


aging  clinicians  —  most  of  whom 
are  women  —  to  transfer  to  IT  as 
business  analysts.  Of  Atlantic’s  140- 
employee  IT  department,  30%  are 
business  analysts,  the  majority  of 
whom  are  women.  This  compares 
to  just  a  handful  of  women  in  the 
department  when  Reed  joined, 
she  says.  But  there  is  still  a  dearth 
of  women  candidates  for  the  more 
technical  IT  jobs,  such  as  network¬ 
ing  and  telecom,  Reed  says. 

“Healthcare  is  traditionally  a 
femalodominated  profession,  be¬ 
cause  many  are  nurses,”  Reed 
says.  “If  you  look  at  my  IT  depart¬ 


ment,  we  do  have  more  women 
because  they  came  out  of  the  hos¬ 
pitals.  The  most  important  thing  is 
to  be  able  to  tie  together  business 
and  IT’ 

Reed  acknowledges  that  for 
some  clinicians,  moving  into  IT 
was  scary“We  encouraged  them 
to  look  at  the  growth  opportunity 
It’s  taking  nursing  and  enhancing 
it  in  different  ways.You  need  clini¬ 
cal  people  to  understand  how 
[patient  care]  works.  It’s  the  next- 
generation  of  clinical  services  — 
healthcare  information  will  be¬ 
come  electronic,”  she  says.  ■ 
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western  telematic  incorporated 
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Yes,  We  are  Customer  Friendly! 

^  Jm  Year  Warranty 

y'  We  Stock  for  Same  Day  Shipment 

/  30  Day  Return  Policy 

/  Cali  or  Email  for  an  Online  Demo 


Dual 

Power 

Inputs 


Model 

NBB-1600 


www.wtLcom 


Control  Power  on  Any  AC 
Powered  Device ... 

Via  Wei!  Browser,  Telnet, 
Modem  or  Local  Terminal 


Servers,  routers,  and  other  electronic  equipment  occasionally 
“lock-up”,  often  requiring  a  service  call  to  a  remote  site  just  to 
flip  the  power  switch  to  perform  a  simple  reboot.  With  WTI’s 
Remote  Power  Switches,  you  can  perform  reboot  and  On/Off 
control  from  anywhere! 

(y)  Web  Browser  Access  for  Easy  Setup  and 
Operation 

(v)  Encrypted  Password  Security 

(v)  Dual  1 5  Amp  Power  Circuits 
Total  30  Amps  Maximum  Load 

(v)  115  VAC  and  230  VAC  Models 
(v)  Up  to  Sixteen  (16)  Individual  Outlets 
(1^  RS232  Modem  /  Console  Port 
(v)  Network  Security  Features 
©  Power-Up  Sequencing 

Web  Browser  Interface 


IPS- 1600 


GDI  offers: 

n-»  Hardware  encryption  over  dial-up 
and  network  connections 
RSA  certified  SecurlD  authentication 
without  a  network. 
n-«  Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  140-2  certifications  *-^1 

Remote  Power  control  * 

Homologous  world-wide  approved  •- 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 
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Communication  Devices  Inc. 
www.outofbandmanagement.com 


MONITOR  SERVER  ROOM 

THREATS! 


ENVIROMUX-MINI 


•  Monitor  threats  such  as  temperature,  humidity 
and  water  leaks 

•  Be  notified  via  email,  SNMP  traps,  web-page 
alerts  and  a  visual  indicator 

•  Low  cost  and  compact  size  system 

Receive  a  FREE  1 0  ft.  Temperature  Sensor  when 
you  purchase  an  ENVIROMUX-MINI  by  12/31/05. 


Call  800-742-8324  and  mention  reference  code  ENV-NW. 

NETWORK  Visit:  www.ntl1.com/nw.html 

TECHNOLOGIES  Email:  sales@ntigo.com 

INCORPORATED  Call:  800-742-8324 


How  much  can  your  network  analyzer  see? 

Observer  is  the  only  fully  distributed  network  analyzer  built  to 
monitor  the  entire  network  (LAN,  802.1  la/b/g,  Gigabit,  WAN). 
Download  your  free  Observer  1 0  evaluation  today  and  experience 
more  comprehensive  real-time  statistics,  more  expert  events,  and 
more  in-depth  analysis  letting  you  dive  deeper  into  your  network 
than  ever  before.  Choose  Observer. 

-  DRflGER-  Guard  against  the  latest  network  threats  by  identifying 
and  isolating  infected  systems  automatically. 

-DRTR  M I  n  I RG-  Analyze  gigabit  traffic  and  massive  amounts 
of  data  with  Observer's  expanded  options  for  data  mining. 

-JURK  TRRFFIC-  Identify  broadcast  storms,  monitor  excessive 
traffic,  and  optimize  bandwidth  with  Observer's  many  utilization 
metrics  and  over  30  real-time  statistics. 

US  &  Canada  toll  free  800.526.5958 

fax  952.358.3801 

UK  &  Europe  -1-44(0)1959569880 

www.networkinstruments. com/analyze 


IK  Rfiav5l5 


+  % 

-DRTR 

M 1 R 1 RG” 

Server  Technology.  Inc;  .’  vtoff  free'«f1.8QQ.835.10'5 
1040  Sandhil)  Drive 2752^4.2(100 
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Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 


The  Sentry  CDU  distributes  power  for  Blade 
servers  or  up  to  42  dual-power  ID  servers 
in  one  enclosure.  Single  or  3-phase  input 
with  110VAC,208VAC  or  mixed  HO/208VAC 
Single-phase  outlet  receptacles.  . 

Metered  CDU 

>  Local  input  Current  Monitoring 

Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures  . ' 

and  Humidity  - 

Switched  CDU 

>  Local  input  current  Monitoring’/- 

>  Supports  External  Temperature  'ahd 
Humidity  Probes 

>  IP  Monitoring  of  Pc)vf|r|f'epTi3^falures 

and  Humidity  ‘  v 

>  Remote  Powehwitrotkf  Each  Outlet 
—  On  /  Off  /  Rebodtffv  '^':' 

M''  -'MS' 
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- -'Servet  Technology, -Inc.  Sentiy  is  a  trademark  of  Server  Technology,  Inc. 


With  Sentry! 

CDU  Product  Family:  Metered,  Smart  &  Switched 


What's  on  your 

Network? 


Find  out  with  NetSupport... 


Centrally  Discover,  Support  and 
Manage  your  Systems.  Anywhere. 


Managing  your  company's  IT  assets  means  more  than  just  selection  and 
maintenance.  Reporting,  inventory,  deployment  and  forecasting  are  also  part  of  the 
job.  NetSupport  DNA  is  an  easy  to  use  IT  asset  management  solution  that  provides 
you  with  the  tools  you  need  to  get  to  know  your  network. 


Unlike  other  solutions,  NetSupport  DNA  does  not  require  certified  training  or  have  a 
complex  implementation  path.  It  offers  all  of  the  functionality  you'd  expect  from  an 
award  winning  asset  management  suite,  but  with  only  a  30  minute  implementation 
path. 

NetSupport  DNA  combines  powerful  hardware  and  software  inventory  with  software 
distribution,  application  and  internet  metering,  pc  remote  control,  enterprise 
reporting  and  a  web-based  help  desk  solution. 


Do  you  know  where  your  oldest  computer  is?  Need  to  locate  and  upgrade  your 
Windows  98  systems?  Are  you  overpaying  on  unused  software  licenses?  Which 
employees  are  spending  the  most  time  surfing  the  web?  Find  out  fast  with 
NetSupport  DNA. 


NGiT^UPPORT 

NG>tSupp;^t 


Visit  www.netsupport-inc.com  and  download  a  full  trial  license  today.  Sales:  1-888-665-0808 

And  In  30  minutes  start  viewing  your  vital  Asset  Information.  www.netsupport-inc.com 


dtSearch 


Instantly 
Terabytes  ofT^_ 


NEWMeiisilm 


The  Smart  Choice  for  Text  Retrieval®  since  1991 

♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  hipflflhtsTiB^  in  HTML,  XIVIL  and  PDF  while  displaying  embedded 
links,  formatting  andiriffitj[‘>H_^ 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 


Reviews  of  dtSearch 

♦“The  most  powerful  document  search  tool  on  the  market”  —  Wired  Magazine 
♦“dtSearch ...  leads  the  market”  —  Network  Computing 
♦“Blindingly  fast”  —  Computer  Forensics:  incident  Response  Essentials 
♦“A  powerful  arsenal  of  search  tools”  —  The  New  York  Times 
♦“Super  fast,  super-reliable”  —  The  Waii  Street  Journai 
♦“Covers  ail  data  sources ...  powerful  Web-based  engines”  —  eWEEK 
♦“Searches  at  blazing  speeds”  —  Computer  Reseiier  News  Test  Center 
See  www.dtsearch.com  for  hundreds  more  reviews  &  case  studies 


Increase  your  data  center  availability 


...with  APC  Rack  Power  Distribution 


Avoid  overloading  circuits 

Monitor  the  current  draw  as  you  install  equipment 


Protect  circuit  from  unauthorized  use 

Turn  outlets  off  when  not  in  use 


APC's  advanced  power  distribution  units 
distribute,  monitor  and  remotely  control 
power  in  rack  enclosures. 


Avoid  in-rush  current  overload 

Outlets  are  turned  on  sequentially 

Manage  power  via  Network  Interfaces 

Built-in  Web,  SNMP,  Telnet  support 


Now  you  can  remotely  control  power  to 
individual  outlets  and  monitor  aggregate 
power  consumption  via  local  and  remote 
displays.  Access,  configure  and  control  the 
APC  Switched  Rack  PDU  through  Web, 
SNMP  orTelnet  interfaces. 


Power  Distribution  Units 

•  Basic:  Vertically  and  horizontally  mounting  with  a 
range  of  amps  and  voltages 


From  basic  power  distribution  to  controllable 
outlets,  APC  has  solutions  up  to  14.4  kW  to 
fit  your  IT  environment  needs.  See  our  entire 
line  of  rack  PDUs  online  at  www.apc.com. 


Metered:  Ability  to  monitor  the  current  draw  and 
set  alarm  thresholds  that  when  exceeded,  provide 
both  visual  and  audible  alarms 


Switched:  Advanced,  remote  power  distribution 
and  control.  User  configurable.  Users  can  configure 
the  sequence  in  which  power  is  provided  to 
individual  receptacles  upon  start  up. 


Every  product  carrying  this  mark  has  been 
tested  and  certified  for  use  with  InfraStruXure™ 
architecture.  Before  you  buy,  check  for  the  X  to 
guarantee  product  compatibility. 


H 


(nhraStruXure 


With  over  15  million 


satisfied  customers, 

TM 


Enter  to  WIN  a  FREE  APC  Rack  PDU  today. 

Visit  http://promo.apc.com  Key  Code  f792x  •  Call  888-289-APCC  x6789  •  Fax  401-788-2797 


APC's  Legendary  Reliability 
guarantees  peace  of  mind. 


Legendary  Reliability® 


©2005  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  1 32  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 
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1.408.727.1122 

info@recurreiit.coin 

[SeCCS^^t 

3431  De  La  Cruz  Blvd,  Santa  Clara,  CA  95054 
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K  Fop  the  latest  and  most 
>  in-depth  information  on 
network  IT  products  from 
these  companies  and  more, 

go  to  VENDOR  SOLUTIONS 

www.networkworld.(X)m^^ 
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WLAN 

SPECTRUM  ANALYZER 

True  Spectrum  Analysis! 

Not  a  WLAN  chip  set 

All  2.4  and  5 
GHz  bands  in 
one  unit  for 
only  $4400. 

Single  band 
2.4  GHz  unit 
for  only  $2600. 
Calibrated  Antennas 
Immediate  Delivery 

BANTAM  INSTRUMENTS 

www.Bantamlnstruments.com 
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networkTAPs© 

_ _ _ _ ) 

TAP  into  Performance 

Monitor  mission-critical  links  with  the 
latest  technology  through  new  nTAPs 

Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  oTAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibility  today. 
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Ethernet  Copper  /iTAP  , 

For  copper-to-copper  connections 
Choose  your  speed: 

10/100 . . . $395 

10/100/1000 . $995 

10/100/1000  Conversion  nTAP 

Copper  input  with  copper  or 
fiber  output  options 
Choose  your  analysis  output: 


SX . $1,495# 

LX . . . .$1,495# 


To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  www.networkTAPs.com/visibility  or  call  866-GET-nTAP  today. 

Free  overnight  delivery.* 


■  F©  ce 


•free  overnight  delivery  on  all  U.S.  orders  over  $300.00  confirmed  before  1 2  pm  GT. 

nTAP  and  the  nTAP  logo  are  trademaifo  or  re^isiered  trademarks  oT  Network  lnstniments,lLC. 
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VORTEXSFo5 
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dard  for  every  major  computing  platform  and  are 
caretakers  for  more  than  two-thirds  of  the  world’s 
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all  sizes  mcmage  information  as  it  grows  and  changes 
value  through  information  lifecycle  management. 

Our  23,000  people  worldwide  are  committed  to  our 
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Srypto 

continued  from  page  1 

review  —  will  eventually  gain 
must-have  status. 

The  IETF  isn’t  in  the  job  of  vet¬ 
ting  ciypto  algorithms,  as  that’s 
regarded  as  a  job  for  government 
agencies  throughout  the  world, 
typically  with  a  lot  of  input  from 
outside  experts.  But  the  IETF  is 
careful  to  include  only  sound 
crypto  into  its  protocols. 

Like  practically  everything  in 
the  IETF  standards  process,  get¬ 
ting  new  crypto  into  IETF  proto¬ 
cols  such  as  Secure  Multi-pur¬ 
pose  Internet  Mail  Extensions 
(S/MIME),  IPSec  and  Transport 
Layer  Security  (TLS)  can  take 
years. The  Russians  and  the  South 
Koreans  have  been  among  the 
most  persevering  in  seeking  to 
get  their  national  ciphers  through 
the  process. 

In  a  sign  of  success,  several 
IETF  RFCs  recently  were  issued 
for  using  South  Korea’s  128-bit 
symmetric  key  SEED  and  the 
Russian  256-bit  GOST,  which  is 
extensible  to  768  bits.  (The 
longer  the  key  size,  the  presum¬ 
ably  harder  it  is  to  break  en¬ 
crypted  data,  though  other  fac¬ 
tors  define  an  algorithm’s  intrin¬ 
sic  strength.) 

“In  this  conscious  effort  to  regis¬ 
ter  a  cipher  suite,  they’re  being 
good  Internet  citizens,”  says  Russ 


Housleythe  IETF  security  area 
director  who  heads  his  own  firm, 
Vigil  Security 

SEED,  developed  by  the 
Korean  Information  Security 
Agency  (KISA),  is  defined  for 
use  in  TLS  and  S/MlME,  with 
IPSec  support  on  the  way.  Four 
of  KlSA’s  security  experts, 
Hyangjin  Lee,  Jaeho  Yoon, 
Seoklae  Lee  and  Jaeil  Lee, 
wrote  the  technical  drafts, 
detailing  use  of  SEED  and  testi¬ 
fying  that  it  is  “robust  against 
known  attacks.”  It  is  said  to  be 
widely  used  by  financial  ser¬ 
vices  companies,  including  the 
Bank  of  Korea,  for  VPN  and  dig¬ 
ital  rights  management.  SEED  is 
supported  in  products  from  an 
assortment  of  global  compa¬ 
nies,  including  Chrysalis-ITS, 
nCipher,  Rainbow  Technologies 
and  Schlumberger. 

The  Russians  also  are  making  a 
splash  at  the  lETpwith  security 
vendors  Crypto-Pro,  Factor-TC, 
Infotecs  and  Fguestc  lobbying  for 
the  Russian  block  cipher  GOST 
28147-89  (GOST  is  short  for  the 
Russian  word  for  government). 
Because  of  their  efforts,  GOST 
recently  became  an  option  for 
use  in  IETF  protocols. 

“GOST  is  the  Russian  national 
standard,  but  it  turns  out  GOST 
left  something  unsaid  about 
what  was  needed  for  interoper¬ 
ability,  so  the  Russian  crypto 


Global  crypto 

Cryptographic  technologies  from  around  the  world  have  started 
working  their  way  into  the  IETF  standards  process.  A  sampling: 

South  Korean  crypto  coiitribiition: 

February 

•  RFC  4009  (The  SEED  encryption  algorithm) 

•  RFC  401^(Use  of  SEED  encryption  algorithm  in  cryptographic  message  syntax) 

August 

•  RFC  4162  (The  Addition  of  the  SEED  Cipher  Protocol  Suites  to  Transport  Layer 
Security) 

Russian  crypto  contribution: 

September 

•  Internet  draft  (Using  the  GOST  28147-89,  GOST  R,  34.11-94,  GOST  R  34.10- 
94  and  GOST  R  34.10-2001  algorithms  with  the  cryptographic  message  system) 

Note:  The  addition  of  new  crypto  to  lETE  protocols  is  described  in  the  IETF  working 
group  document,  "Summary  of  S/MIME  Mail  Security  work  on  updating  cryptographic 
algorithms." 


vendors  got  together  to  make 
sure  the  standard  could  sup¬ 
port  interoperable  products,” 
Housley  says. 

The  vendors  worked  with 
Russian  security  agencies  to 
square  away  some  details,  be¬ 
cause  in  Russia  vendors  can’t 
sell  an  encryption  product  until 
the  government  inspects  it. 
GOST,  which  is  going  into  the 
Russian  Federal  Treasury’s  mas¬ 
sive  public-key  infrastructure 
project  for  document  encryq)- 


The  link  between  ciTpto  and  politics 


IT  security  company  Cybertrust  knows  a  thing 
or  two  about  cryptographic  algorithms  and 
world  politics.  It  is  supporting  the  Russian 
Treasury’s  public-key  infrastructure  project, 
which  is  expected  to  result  in  about  1  million 
users  of  digital  certificates  based  on  Russian 
crypto  standards. 

Pieter  Kasselman,  senior  research  engineer 
at  Cybertrust,  says  governments  around  the 
world  historically  developed  their  own  crypto¬ 
graphic  algorithms  because  they  weren’t 
“always  comfortable  with  cryptographic  algo¬ 
rithms  that  are  developed  outside  their  influ¬ 
ence  sphere."  He  notes  crypto  can  become  a 
factor  in  trade  talks  or  negotiating  strategy 
with  other  nations. 

That’s  what  has  happened  with  China,  where 
the  Chinese  WAPI  standard  is  required  for  wire¬ 
less  LANs  (WLAN),  which  has  loomed  as  a  huge 
trade  barrier  in  the  eyes  of  the  U.S. 

The  I'nain  reason  for  the  friction  over  WAPI  is 
that  the  Chinese  included  a  secret  unpublished 
cryplo  algorithm  in  it  that  is  intended  to  be 


licensed  only  to  authorized  Chinese  firms.  That 
was  viewed  as  an  unfair  trade  practice  by  the 
U.S.The  dispute  is  ongoing,  sources  say. 

Several  crypto  experts  who  spoke  off  the  record 
say  they  suspect  the  secret  algorithm  probably 
has  a  back  door  so  the  Chinese  government  could 
easily  decrypt  data.  If  so,  the  Chinese  aren't  the 
first  to  propose  that  on  a  national  scale. 

Such  a  back  door  was  proposed  for  national 
use  in  the  U.S.  in  the  1990s  by  the  Clinton  admin¬ 
istration.  Encouraged  by  the  National  Security 
Agency,  the  administration  took  the  position  that 
strong,  unbreakable  encryption  in  the  commercial 
sector  was  a  threat  to  law  enforcement. 

The  National  Institutes  of  Standards  and 
Technology  came  up  with  the  Escrowed 
Encryption  Standard.  It  included  the  secret 
Skipjack  algorithm. 

Skipjack  was  eventually  published,  and  though 
it’s  largely  forgotten  outside  government  circles,  it 
did  make  its  way  into  the  IETF  as  a  recognized 
cipher. 

—  Ellen  Messmer 


tion  and  signing,  doesn’t  gener¬ 
ate  much  excitement  among 
crypto  professionals. 

“It’s  an  old  Soviet-era  algorithm 
that  got  declassified,”  says  Bert 
Kaliski.vice  president  of  research 
and  chief  scientist  at  RSA  Secur¬ 
ity,  whose  RSA  algorithm  is 
famous  for  helping  to  establish 
public-key  technology  in  the 
1970s.“Sometimes  weaknesses 
have  been  discerned  in  it.” 

But  it’s  not  known  to  be  broken, 
Kaliski  says. 

“There  are  debates  about  the 
validity  of  GOST,”  says  Jon  Callas, 
CTO  at  PGRthe  company  that 
makes  e-mail  and  file  encryption 
software.“But  there’s  a  need  for  it 
inside  Russia,  because  if  you’re  in 
banking  or  government,  you  have 
to  use  GOST.” 
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Callas,  who  heads  the  IETF 
group  that  developed  the  Open- 
PGP  standard,  is  holding  discus¬ 
sions  with  colleagues  on  whether 
to  implement  GOST  in  OpenPGP 
He  notes  that  there’s  “always  ten¬ 
sion  between  more  ciphers  and 
less  ciphers.  If  there  are  more 
ciphers,  then  implementers  have 
more  work.” 

In  addition,  if  a  crypto  algo¬ 
rithm  chosen  for  selection  in  an 
IETF  standard  were  broken,  it 
would  generate  a  collective 
sense  of  disappointment. 

Once  it  was  known  that  56-bit 
DES,  defined  as  the  U.S.  standard 
in  the  1970s,  was  breakable  in 
the  1980s,  the  shift  was  made  to 
Triple-DES  for  longer  key  length. 
But  Triple-DES  encryption  is 
often  viewed  as  slow,  and  the 
search  was  on  for  a  DES 
replacement. 

AES  emerged  as  the  winning 
algorithm  in  the  US. —  the  fact 
that  Americans  didn’t  craft  it  has 
boosted  its  appeal  internationally 
many  say  —  but  a  number  of 
other  worthy  contenders  have 
come  and  gone. 

A  Canadian  algorithm  called 
CAST  (named  after  its  inventors 
Carlisle  Adams  and  Stafford 
Taveres)  is  viewed  as  a  classic, 
even  if  not  widely  used  today“lt’s 
blindingly  fast,”  Callas  says. 

One  advantage  in  an  IETF 
registration  for  a  crypto  algo¬ 
rithm  is  that  it  not  only  pro¬ 
vides  an  endorsement,  but 
defines  technical  depth  that 
helps  support  interoperability, 
Kaliski  says. That’s  important 
for  anyone  working  on  busi¬ 
ness  projects  in  countries 
around  the  world,  he  says.B 
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VORTEXSFo5 

OCTOBER  24-26  I  THE  PALACE  HOTEL,  SAN  FRANCISCO 


Thank  you  for  supporting  VORTEXSF05  and  making  the  event  a  success! 
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A  &  R 


PARTNERS 


A  &  R  Partners 

A&R  Partners,  Inc.  is  an  experienced  high-tech  public 
relations  firm  providing  communications  services 
such  as  strategic  message  development  and  press, 
analyst,  and  investor  relations.  A&R’s  clients  include 
companies  in  the  enterprise  software,  infrastructure 
and  security,  consumer  technology,  and  mobile  and 
wireless  markets. 
www.arpartners.com 
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Invest  Northern  Ireland 

Invest  Northern  Ireland  is  a  government  agency 
that  assists  with  the  business  development  efforts 
of  companies  interested  in  expanding  and  building 
partnerships  overseas.  Investors  such  as  Microsoft, 
Oracle,  SAP  and  Citigroup  have  all  recognized  that 
setting  up  operations  in  Northern  Ireland  gives 
them  access  to  a  desirable  workforce,  a  robust 
infrastructure,  top  universities  and  financial  support. 

www.investni.com/invest 


Qualco/ww 

QUALCOMM  Incorporated 

QUALCOMM  Incorporated  is  a  global  leader  in 
developing  and  delivering  innovative,  end-to-end 
wireless  products  and  solutions  based  on  CDMA 
and  other  advanced  technologies.  Its  customer  base 
includes  the  world’s  premier  handset  and  infrastruc¬ 
ture  manufacturers,  and  its  partners  include  leading 
wireless  network  operators.  QUALCOMM’s  products 
and  services  enable  these  and  other  key  participants 
in  the  wireless  value  chain  to  enhance  the  wireless 
experience  of  those  most  critical  to  the  success 
of  3G  —  consumers,  businesses  and  government. 

www.qualcomm.com 
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Mark  Gibbs 


How  to  survive  in  FT 


s 


o  you  have  decided 
I  on  a  career  in  IT  in- 
'  stead  of,  say  being  a 
dancer  on  Broadway  or 
becoming  a  fugu  chef  in 
Japan.  Given  that  you  consider  IT  more  interesting  than 
appearing  in  50,000  performances  of  “Oliver”  and  less 
risky  than  serving  up  potentially  lethal  sushi,  what  should 
you  know  about  not  just  surviving  but  prospering  in  the 
fast  paced  and  exciting  world  of  information  technology? 

First,  you  need  to  know  that  you  will  never  be  indispens¬ 
able.  Even  if  you  rise  to  the  level  of  CIO  or  CTO  or  whatev¬ 
er  the  top  IT  wonk  is  called  in  your  company  there  are 
limits  to  how  critical  your  services  are  to  the  organization. 

So  before  you  sneer  at  the  CEO  when  he  asks  where  the 
“any”  key  is,  just  remember  you  can  be  replaced  and, 
given  the  current  economic  climate,  this  can  be  done 
without  going  to  a  lot  of  trouble  or  expense. 

Second,  you  need  to  know  that  you  can’t  avoid  politics. 
And  before  you  ask  —  nope,  you  can’t  just  ignore  corpo¬ 
rate  politics  because  they  are  central  to  how  groups  of 
people  establish  the  parameters  of  working  together. 

While  there  is  a  theory  that  nice  can  win  out  in  office 
power  struggles  (see  the  posting  “Penelope  Trunk:  Office 
politics  are  not  optional”  on  Network  World’s  IT  Border¬ 
lands  Weblog  (www.networkworld.com,  DocFinder:  9353), 
the  truth  is  that  nice  in  and  of  itself  doesn’t  work  alone.  It 


helps  but  it  isn’t  key 

<digression.>Contrary  to  the  Borderlands  Weblog,  I’d  sug¬ 
gest  if  you’re  not  nice  then  trying  to  act  otherwise  is  not  a 
long-term  strategy  or  even  a  viable  short-term  tactic. The 
idea  that  you  can  disguise  the  “inner  you”  and  change 
how  you  behave  is  not,  as  the  Borderlands  column  sug¬ 
gests,  the  work  of  a  few  minutes,  hours,  days,  weeks  or 
even  months  —  it  takes  years.Try  to  act  some  way  that 
isn’t  yourself  and  you  will  be  found  out.</digression> 

First  of  all,  you  can’t  win  at  office  politics.  No  one  can 

You  need  to  know  you  will  never 
be  indispensable 

except  occasionally  in  the  short  term.The  goal  is  to  sur¬ 
vive  office  politics  and  here’s  how  you  do  it:  First,  don’t  lie. 
Ever.  Not  even  white  lies.  Second,  don’t  gossip.  By  all 
means  be  amused  by  gossip  but  don’t  get  involved  and 
don’t  spread  it. Third,  don’t  try  to  be  manipulative  or 
underhanded  in  any  way  That  rarely  works  and  when  it 
doesn’t  you  will  make  enemies. 

My  final  advice  in  planning  an  IT  career  is  you  should 
have  a  good  idea  of  the  limits  of  your  ambition.  Want  to 
work  24/7/365,  live  out  of  a  suitcase  and  be  the  “goto” 
guy?  In  IT  there  is  no  end  of  jobs  like  that,  but  if  you  have 
any  plans  for,  say  a  family  life,  then  this  is  unlikely  to  be 


the  job  for  you.  Even  if  you  are  single  this  is  a  level  of  pres¬ 
sure  few  can  tolerate  in  the  long  term. 

On  the  other  hand,  what  if  you  just  want  a  9-to5  job  and 
be  able  to  go  home  and  not  think  about  IT  until  the  next 
morning?  No  problem,  but  understand  you  are  unlikely  to 
rise  very  high  in  the  hierarchy  even  if  you  have  outstand¬ 
ing  skills  because  you  won’t  be  an  insider,  you  won’t  be 
part  of  the  “team.” 

(Why  is  everything  by  a  “team”  these  days?  My  bank  cor¬ 
responds  with  me  and  signs  themselves  “account  team”. 
Software  companies  have  beta  teams  and  resellers  have 
sales  teams.  Will  it  never  end?) 

The  strategic  approach  is  figuring  out  how  much  you 
want  to  give  yourself  over  to  your  job  and  whether  the 
compensation  is  worth  it,  because  one  thing  is  sure:  If  the 
economic  ordure  hits  the  whirling  blades,  you  will  find 
that  my  first  point  about  not  being  indispensable  will  be 
clearly  demonstrated  and  suddenly  finding  that  your  com¬ 
mitment  and  raw  enthusiasm  didn’t  really  matter  will  be  a 
hard  blow. 

IT  is  a  wonderful  career  that  can  be  stimulating,  chal¬ 
lenging,  absorbing  and  rewarding. You  just  need  to  have  a 
plan  and  Understand  the  realities. 

Your  reality  can  be  sent  to  backspin@gibbs.com  or  aired 
on  Gibbsblog  at  www.networkworld.com/  weblogs/ gibbs 
blog/. 


ETBUZZ  News,  insights,  opinions  and  oddities 


Paul  McNamara 


Google’s  making  everyone  mad 

Another  week  brings  yet  another  bunch  of  folks  who 
are  mad  as  all  get-out  at  Google. The  company  that  once 
could  do  no  wrong  now  routinely  finds  itself  being  com¬ 
pared  with  Microsoft  —  and  not  in  a  good  way. 

Last  week  it  was  book  publishers  and  bloggers  whack¬ 
ing  Google  upside  the  head. 

Both  have  good  cause,  too. 

Books  first.  As  you  may  have  read,  the  Association  of  American  Publishers  (AAP) 
and  five  of  its  most  prominent  members  —  McGraw-Hill,  Pearson  Education, 

Penguin  Group,  Simon  &  Schuster  and  John  Wiley  &  Sons  —  have  filed  a  lawsuit  to 
stop  Google  from  proceeding  with  the  Google  Print  Library  Project,  the  search 
giant’s  attempt  to  create  digital  copies  and  an  index  of  millions  of  books,  including 
those  still  under  copyrightThe  publishers  —  much  like  an  author's  group  that  filed  a 
similar  suit  earlier —  contends  that  what  Google  is  doing  constitutes  a  blatant  copy¬ 
right  infringement. 

Google  wants  us  to  believe  that  not  only  is  the  law  on  its  side  —  “fair  use"  and  all 
—  but  that  it  is  doing  the  work  of  angels  in  undertaking  what  is  at  its  core  a  com¬ 
mercial  project. 

“Creating  an  easy-to-use  index  of  books  is  fair  use  under  copyright  law  and  supports 
the  purpose  of  copyright;  to  increase  the  awareness  and  sales  of  books,  directly  bene¬ 
fiting  copyright  holders,”  said  David  Drummond,  Google's  general  counsel,  in  a  state¬ 
ment.  “This  short-sighted  attempt  to  block  Google  Print  works  counter  to  the  interests 
of  not  just  the  world’s  readers,  but  also  the  world’s  authors  and  publishers." 

Funny  how  so  many  of  the  world’s  authors  and  publishers  don’t  see  how  Google's 
doing  them  a  great  favor. 

Google  also  wants  us  to  believe  that  it  is  simply  impractical  to  obtain  permission 
from  authors  and  publishers  before  copying  their  copyrighted  works  and  including 
them  in  the  index. 

Funny  how  Google  competitor  Yahoo  is  in  the  midst  of  a  similar  book-indexing 
project  and  is  doing  so  with  the  express  permission  of  copyright  holders.  And  let’s 


not  forget  that  Google  has  enough  cash  on  hand  to  do  pretty  much  anything  it 
considers  important. 

Google  has  agreed  to  let  publishers  and  authors  decline  to  have  their  work  included 
in  Google  Print,  in  a  clear  but  futile  attempt  to  soften  opposition.  What’s  not  clear  is 
why  the  company  would  bother  to  offer  such  an  opt-out  option  if  its  lawyers  are  so 
convinced  that  the  fair-use  gambit  will  hold  up  in  court. 

This  isn’t  about  fair  use.  As  is  the  case  in  virtually  every  serious  legal  dispute,  this 
one  is  all  about  the  money.  While  Google  Print  may  one  day  prove  to  be  as  valuable  a 
public  resource  as  the  local  library,  there’s  no  getting  around  the  fact  that  it  is  first  and 
foremost  a  commercial  enterprise. 

“While  authors  and  publishers  know  how  useful  Google’s  search  engine  can  be  and 
think  the  Print  Library  could  be  an  excellent  resource,  the  bottom  line  is  that  under  its 
current  plan  Google  is  seeking  to  make  millions  of  dollars  by  freeloading  on  the  talent 
and  property  of  authors  and  publishers,”  says  AAP  President  and  former  Colorado 
Congresswoman  Patricia  Schroeder. 

Meanwhile,  bloggers  also  are  beginning  to  wonder  if  having  Google  on  hand  to  help  is 
any  better  than  having  a  government  agent  knocking  at  the  door. 

Google’s  free  Blogger  service  has  been  so  wildly  successful  that  virtually  anyone  can 
join  in  the  fun  —  including  hordes  of  spammers,  or  sploggers  as  they’re  known  in  the 
blogosphere.  While  phony  blogs  (splogs)  have  been  a  nuisance  for  some  time,  the  nui¬ 
sance  erupted  into  a  menace  last  week  with  the  use  of  automated  blog-generating 
software  resulting  in  thousands  of  splogs  that  rendered  blog  search  results  practically 
useless. 

The  firestorm  of  criticism  directed  at  Google  included  calls  for  pulling  the  plug 
on  Blogger.  You  can  get  a  sense  of  what’s  happening  on  the  front  lines  of  this  bat¬ 
tle  by  visiting  www.networkworld.com,  DocFinder:  9354.  Google’s  take  can  be  read 
at  DocFinder:  9355. 

By  week’s  end  Google  had  apparently  made  a  bit  of  progress  in  stemming  the  flow, 
but  critics  were  not  exactly  raising  glasses  over  the  results. 

Raise  issues  with  any  of  this  by  directing  an  e-mail  to  buzz@nww.com. 


Today,  James  configured  six  critical  servefg 
six  different  states 


all  before  lunchtime  in 


With  Avocent  data  center  management  solutions,  the  world  can  finally  revolve  around  you.  Avoceht 
DSView"  3  management  software  gives  you  a  secure,  centralized  point  of  control  -  whether  your  server  rooms  are 
across  the  hall  or  across  the  nation.  With  more  than  20  years’  experience,  Avocent  offers  multi-platform,  multi-device  access 
that  fits  seamlessly  into  your  multi-tasking  lifestyle.  You  can  manage  critical  servers,  networks  and  more,  all  from  a  single 
interface.  And  you  can  do  it  from  any  location.  Avocent  helps  you  save  time,  improve  efficiencies  -  and  brag  a  little  too.  .  ^ 


For  one-stop  information  on  improving  data  center  practices,  visit 
http://infrastructure.techweb.com 


Avocent,  the  Avocent  lo(|o.  The  Powei  of  Being  There  nnd  DSView  .ire  reghrtered  trademarks  of  Avocent  Corporation.  All  other  trademarks  or  company 
names  are  trademarks  or  registered  trademarks  of  therr  respectrve  cornpanres. 
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The  threat  you  need  to  see  coming 


can't  see  coming. 


The  Answer;  Proven  security. 
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Vulnerability  Manageitient 
Intrusion  Prevention 
E-Mail  &  Web  Security 
Anti-Spam 
Anti-Spyware 
Anti-Virus 
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